User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9b2pre) Gecko/2007121105 Minefield/3.0b2pre Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9b2pre) Gecko/2007121105 Minefield/3.0b2pre In Spain, the official SSL Certificates certifying entity is FNMT (Fabrica nacional de moneda y timbre / Coin and Stamps National manufacture). But when trying to access a web page with a certificate issued by that entity, a warning is displayed by the web browser. This will be increased in Firefox 3 as instead of displaying a warning it will show a web page with the error but nothing of the web page is displayed. I don't know whether the problem is that Mozilla does not recognize the FNMT as an SSL Certificates certifying entity or there is another problem. Anyway, no error is displayed with Internet Explorer, but surely this is not significant ;-) Reproducible: Always Steps to Reproduce: 1. Enter https://www.nic.es/ 2. Show (Código de error: sec_error_untrusted_issuer) Actual Results: https://www.nic.es/ dont show Expected Results: Mozilla reconize the FNMT SSL Certificates
IINM, Mozilla policy is to accept requests to include CA certs ONLY from representatives of the CA itself, and not from third parties (e.g. users). Perhaps you can ask someone at that CA to apply for inclusion in Mozilla.
Nelson is correct. Resolving as INCOMPLETE. You may use this bug as evidence of our policy in your email to FNMT. Gerv
Hola. Pertenezco a la CA FNMT. Estoy intentando realizar los pasos para poder incluir el certificado raíz de la FNMT en el almacén de autoridades de Firefox. ¿Qué debo hacer? Gracias
Reopening, Cristina is from FNMT and is asking what the steps are to include their certificate in Firefox. (cristina, toda la comunicación en Bugzilla se hace en inglés)
Christina, I've written the first draft of a wiki page on "How to apply for root CA certificate inclusion in Mozilla products". I think it will help you advance your request to the next stage. See it at http://wiki.mozilla.org/CA:Root_Certificate_Requests I invite your feedback by email.
I must give credit to Gervase Markham for writing the original guide, which I adapted into the wiki page. Thanks, Gerv.
Cristina, si necesitas ayuda para proporcionar la información necesaria para poder incluir el certificado, por favor, ponte en contacto conmigo e intentaré ayudarte. Esta mañana estaba usando Firefox 3 Beta 5 y me enconté con este problema. Yo tengo los conocimientos necessarios para resolverlo, pero la mayoría de la gente no, y el certificado de la FNMT CA es importante en España. Cristina, if you need help with providing the needed info to get the certificate included, please, you can contact me and I will help you. I was just using Firefox 3 Beta 5 this morning and I just faced this problem. I am technically skilled to solve it, but a lot of people is not, and FNMT CA is important in Spain.
Created attachment 314067 [details] cert details Here are the certificate details sent to me by cristina
Gervase, any news about this? Most official sites in Spain use certificates from FNMT and would be a pity that users think that "that warning page" means they have to use IE to access to the site.
Nukeador: Frank Hecker (the assignee of this bug) is currently running the root program. He's the man to speak to. Gerv
Hecker: What is the current status of this request?
Frank this is a hight priority bug for all the Spanish users, I'm checking it and most of public services are using now these certificates.
I vote for this bug. A lot of official Spanish websites uses this CA, so I think that this CA must be supported in Firefox 3.
You have to understand that FNMT is the issuer designed by Goverment as CA. Thought there are other recognised CAs, it is the main one, used in every official website. Also, to get the extent of this, every new National ID card (which is mandatory for every citizen) is an smartcard with a cert issued by FNMT CA, which can be legally used to digitally sign any document, and it, by Spanish Digital Signature Law, as to be recognized as such not only by Goverment, but by every citizen. Please, it is an important certificate, that has to be included to promote Firefox use within Spanish users. Not having it will mean that a lot of official webpages 'won't work' with FF from users point of view. And they will use IE instead. Thanks
Created attachment 321673 [details] Cert details in HTML format Jose, Guillermo, Ramon, and Nukeador, This bug is the place where Mozilla and the representatives of FNMT should communicate with each other, communicating the essential fact necessary for Mozilla to make the technical evaluation of the CA's application. It is NOT the place for advocacy. It's not the place for people to try to present persuasive and compelling arguments for acceptance of the applicant. The places for such advocacy are the newsgroup news://news.mozilla.org:119/mozilla.dev.tech.crypto and the associated mailing list, email@example.com . Note that the mailing list only accepts emails from list subscribers. Subscribe at https://lists.mozilla.org/listinfo/dev-tech-crypto
To follow the discussion in the Usenet group via web: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/da33d24030fe5e6f#
(In reply to comment #15) > Created an attachment (id=321673) [details] > Cert details in HTML format > > Jose, Guillermo, Ramon, and Nukeador, > > This bug is the place where Mozilla and the representatives of FNMT should > communicate with each other, communicating the essential fact necessary for > Mozilla to make the technical evaluation of the CA's application. I fully agree with your remark about this place not being for advocacy (and therefore I'm sticking to BugZilla nettiquete). However, looking at the comment history I'd say that Mozilla is the one with the ball in his court. I'm pretty sure these days are not boring for anyone at Mozilla Corp., esp. those directly involved in Firefox 3 release, :-) but it would be a pity to fail to resolve this bug just because FNMT representatives and Mozilla staff were waiting each other to take the next step. So, just to clarify (and I'm not inquiring you, Nelson, as I think you're just trying to help to move forward this bug, and I thank you for that), is Mozilla staff waiting for FNMT people to do something else? TIA
Cristina has open a new bug (bug #435736) with all the information. Please, close this bug.
I didn´t open this bug. I can´t close it.
Closing as a duplicate of bug 435736