add Trustwave "Secure Global CA" EV root

RESOLVED FIXED

Status

task
RESOLVED FIXED
12 years ago
2 years ago

People

(Reporter: agray, Assigned: hecker)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: EV - inclusion approved)

Attachments

(2 attachments)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: 

Name of the CA certificate in question:
The Trustwave "Secure Global CA" root certificate is located here:
https://www.securetrust.com/legal/SGCA.txt)

Published CP/CPS where we describe how we're operating in accordance with the
EV guidelines:
http://www.securetrust.com/legal/issuer.html includes:
SecureTrust Extended Validation CPS
Extended Validation SSL Relying Party Agreement
Extended Validation Subcriber Agreement

CRL for Secure Global CA CRL:
http://crl.securetrust.com/SGCA.crl

Published CPSs for other uses:
https://www.securetrust.com/legal/

Current (1ssued November 2007) AICPA/CICA WebTrust for Certification
Authorities Audit Report including EV audit can be found here:
https://cert.webtrust.org/ViewSeal?id=359

EV OID(s) for the CA certificate in question:
2.16.840.1.114404.1.1.2.4.1
(http://www.securetrust.com/legal/issuer.html)


This CA is currently/soon shall be used to issue certificates marked for:
1.3.6.1.5.5.7.3.1 - id_kp_serverAuth
1.3.6.1.5.5.7.3.2 - id_kp_clientAuth
1.3.6.1.5.5.7.3.3 - id_kp_codeSigning
1.3.6.1.5.5.7.3.4 - id_kp_emailProtection
1.3.6.1.5.5.7.3.8 - id_kp_timeStamping
1.3.6.1.5.5.7.3.9 - OCSPSigning  

We currently issue SMIME, EV, and OV certificates off of this root.  Based upon outcome of current cabforum activity, we may also issue code signing certificates off it as well.

SHA1 thumbprint: 3a 44 73 5a e5 81 90 1f 24 86 61 46 1e 3b 9c c4 5f f5 3a 1b

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=SecureTrust Corporation, CN=Secure Global CA
        Validity
            Not Before: Nov  7 19:42:28 2006 GMT
            Not After : Dec 31 19:52:06 2029 GMT
        Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:af:35:2e:d8:ac:6c:55:69:06:71:e5:13:68:24:
                    b3:4f:d8:cc:21:47:f8:f1:60:38:89:89:03:e9:bd:
                    ea:5e:46:53:09:dc:5c:f5:5a:e8:f7:45:2a:02:eb:
                    31:61:d7:29:33:4c:ce:c7:7c:0a:37:7e:0f:ba:32:
                    98:e1:1d:97:af:8f:c7:dc:c9:38:96:f3:db:1a:fc:
                    51:ed:68:c6:d0:6e:a4:7c:24:d1:ae:42:c8:96:50:
                    63:2e:e0:fe:75:fe:98:a7:5f:49:2e:95:e3:39:33:
                    64:8e:1e:a4:5f:90:d2:67:3c:b2:d9:fe:41:b9:55:
                    a7:09:8e:72:05:1e:8b:dd:44:85:82:42:d0:49:c0:
                    1d:60:f0:d1:17:2c:95:eb:f6:a5:c1:92:a3:c5:c2:
                    a7:08:60:0d:60:04:10:96:79:9e:16:34:e6:a9:b6:
                    fa:25:45:39:c8:1e:65:f9:93:f5:aa:f1:52:dc:99:
                    98:3d:a5:86:1a:0c:35:33:fa:4b:a5:04:06:15:1c:
                    31:80:ef:aa:18:6b:c2:7b:d7:da:ce:f9:33:20:d5:
                    f5:bd:6a:33:2d:81:04:fb:b0:5c:d4:9c:a3:e2:5c:
                    1d:e3:a9:42:75:5e:7b:d4:77:ef:39:54:ba:c9:0a:
                    18:1b:12:99:49:2f:88:4b:fd:50:62:d1:73:e7:8f:
                    7a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.20.2: 
                ...C.A
            X509v3 Key Usage: 
            Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
            CA:TRUE
            X509v3 Subject Key Identifier: 
            AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4
            X509v3 CRL Distribution Points: 
            URI:http://crl.securetrust.com/SGCA.crl

            1.3.6.1.4.1.311.21.1: 
                ...
    Signature Algorithm: sha1WithRSAEncryption
        63:1a:08:40:7d:a4:5e:53:0d:77:d8:7a:ae:1f:0d:0b:51:16:
        03:ef:18:7c:c8:e3:af:6a:58:93:14:60:91:b2:84:dc:88:4e:
        be:39:8a:3a:f3:e6:82:89:5d:01:37:b3:ab:24:a4:15:0e:92:
        35:5a:4a:44:5e:4e:57:fa:75:ce:1f:48:ce:66:f4:3c:40:26:
        92:98:6c:1b:ee:24:46:0c:17:b3:52:a5:db:a5:91:91:cf:37:
        d3:6f:e7:27:08:3a:4e:19:1f:3a:a7:58:5c:17:cf:79:3f:8b:
        e4:a7:d3:26:23:9d:26:0f:58:69:fc:47:7e:b2:d0:8d:8b:93:
        bf:29:4f:43:69:74:76:67:4b:cf:07:8c:e6:02:f7:b5:e1:b4:
        43:b5:4b:2d:14:9f:f9:dc:26:0d:bf:a6:47:74:06:d8:88:d1:
        3a:29:30:84:ce:d2:39:80:62:1b:a8:c7:57:49:bc:6a:55:51:
        67:15:4a:be:35:07:e4:d5:75:98:37:79:30:14:db:29:9d:6c:
        c5:69:cc:47:55:a2:30:f7:cc:5c:7f:c2:c3:98:1c:6b:4e:16:
        80:eb:7a:78:65:45:a2:00:1a:af:0c:0d:55:64:34:48:b8:92:
        b9:f1:b4:50:29:f2:4f:23:1f:da:6c:ac:1f:44:e1:dd:23:78:
        51:5b:c7:16
-----BEGIN CERTIFICATE-----
MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
-----END CERTIFICATE-----

Note information on the "historical dangling" OIDS above in the extensions -
1.3.6.1.4.1.311.21.1 & 1.3.6.1.4.1.311.20.2 - which currently are of no
importance or relevance, to us, can be found here:
http://support.microsoft.com/kb/287547.  Also, these extensions are NOT
CRITICAL.

Reproducible: Always
(Reporter)

Comment 1

12 years ago
"XRamp Security Services, Inc.", successor to SecureTrust corporation, a wholly
owned subsidiary of Trustwave Holdings, Inc. ("Trustwave") 
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Updated

11 years ago
Status: NEW → ASSIGNED
Whiteboard: EV
(Assignee)

Comment 2

11 years ago
This is basically a resubmittal of bug 367670 for just the Secure Global CA root, is it not? Is the information in this bug (audit, CPS, etc.) more up to date than in the other bug? If so I may close the other bug and focus on this one.
(Reporter)

Comment 3

11 years ago
(In reply to comment #2)
> Is the information in this bug (audit, CPS, etc.) more up to
> date than in the other bug? 

The information is more up to date.  Go ahead and close off https://bugzilla.mozilla.org/show_bug.cgi?id=367670

(Assignee)

Comment 4

11 years ago
I've resolved bug 367670 as INVALID because it is superseded by this bug. I've renamed the SecureTrust entry in the pending request list to reference Trustwave instead, and have updated the entry to include the latest information as I understand it:

http://www.mozilla.org/projects/security/certs/pending/#Trustwave

Andrew, please review the information for Trustwave and the Secure Global CA and let me know if it's correct or needs correction.
(Reporter)

Comment 5

11 years ago
I have confirmed with our auditor that the final release version (Effective 09/30/07) of the EV Audit specification was used.
(Reporter)

Comment 6

11 years ago
In http://www.mozilla.org/projects/security/certs/pending/#Trustwave, for the Secure Global CA entry,

"SecureTrust Corporation Certificate Practice Statement for S/MIME Certificates, Version 1.5.1" 

should read

"SecureTrust Certification Practice Statement for S/MIME Certificates, version 1.6.0"  and linked to:

https://www.securetrust.com/legal/SecureTrust_SMIME_CPS_1_6_0.pdf

The link for the S/MIME cps correctly links to this newer document from https://www.securetrust.com/legal/
(Assignee)

Comment 7

11 years ago
Thanks for the additional information and for the corrected S/MIME CPS reference; I've updated the pending list to reflect this.

Also, a heads-up: I noted that you offer CRLs but not OCSP. Although this won't affect your formal approval one way or the other (because the EV guidelines allow use of either), in practice you may get affected by bug 405139.
Independent of approval process, for technical testing purposes: Could you please supply an https:// URL to an example SSL server (customer or demo) that uses a server cert issued (directly or through intermediates) by this root? Should you request multiple roots to be enabled for EV, please provide one example URL for each root. Thank you.
(Assignee)

Comment 9

11 years ago
I have now completed my review of Trustwave's application for adding the Secure Global CA root CA certificate and enabling it for EV use, per the official Mozilla CA certificate policy at:

http://www.mozilla.org/projects/security/certs/policy/

I apologize for any delays on my part in doing the review.

Here follows my final assessment. If anyone sees any factual errors, please
point them out.

Section 4 [Technical]. I'm not aware of any technical issues with certificates issued by Trustwave, or of instances where Trustwave has knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug report.

Section 6 [Relevancy and Policy]. Trustwave appears to provide a service
relevant to Mozilla users; it is a commercial CA operating in United States and serving customers worldwide; it incorporates the SecureTrust and XRamp CAs. Its policies are documented in its CPSs:

  https://www.securetrust.com/legal/evCPS.pdf
  https://www.securetrust.com/legal/securetrust%20cps%20for%20ov.pdf
  https://www.securetrust.com/legal/SecureTrust_SMIME_CPS_1_6_0.pdf
  https://www.securetrust.com/legal/SecureTrust_Code_Signing_CPS.pdf

(These are for EV SSL certificates, OV SSL certificates, S/MIME email certificates, and code signing certificates respectively.)

* Email: For S/MIME certificates issued to individuals, Trustwave verifies control of the email account associated with the email address referenced in the
certificate. (See section III.B.2 in the S/MIME CPS.)

* SSL: For OV SSL certificates Trustwave validates organizational identity and control of the domain referenced in the certificate. (See section III.B.3 in the OV CPS.) For EV SSL certificates Trustwave validates identity and domain ownership using procedures consistent with the EV guidelines. (See section III.B.3 in the EV CPS.) 

* Code: For code signing certificates Trustwave verifies the applicant's identity. (See section III.B.2 of the Trustwave code signing CPS.)

Section 8-10 [Audit]. Trustwave has successfully completed an independent
audit using the WebTrust for CAs criteria and the WebTrust EV criteria. The audit was done by Boysen & Miller PLLC. Attestation of the successful completion of the audit is in the form of a standard WebTrust/WebTrust EV report available at

https://cert.webtrust.org/SealFile?seal=359&file=pdf

Note that the WebTrust EV audit was done against the final 1.0 version of the EV guidelines. Audits are done annually.

Section 13 [Certificate Hierarchy]. This particular request is for the Secure Global CA root. Trustwave also has two other root CAs; requests for those roots are being handled separately as bug 409837 and bug 409840. At this time there are no subordinate CAs for the Secure Global CA; instead end entity certificates are issued directly from the root, with different classes of certificates under different certificate policies. The Secure Global CA is not associated with a single CPS, rather end entity certs are associated with policies that link to the CPS that the certificate was issued under: an EV CPS, an OV CPS, etc.

(Note that mixing certificates of different classes under a single CA is contrary to section 13 of the Mozilla CA certificate policy; however that section is a recommendation only, not a requirement.)

Other: Trustwave issues CRLs at least every 10-14 days. (Note that this is an upper bound, per sections II.I and V.C of the EV CPS and other CPS documents. Trustwave may in fact issue CRLs more frequently, but this is not stated in the CPSs.) Trustwave does not currently have an OCSP responder.

Based on the above information, I am minded to approve the inclusion of the Secure Global CA root in NSS (and thence in Firefox and other Mozilla-based products), with trust bits for SSL, email, and code signing set, and the root's enabling for EV with policy OID 2.16.840.1.114404.1.1.2.4.1. Before I issue my final approval, I'm opening up a period of public discussion of this request in the mozilla.dev.tech.crypto newsgroup [1].

[1] The mozilla.dev.tech.crypto newsgroup is accessible via NNTP-capable
newsreaders at:

  news://news.mozilla.org/mozilla.dev.tech.crypto

via email by subscribing to the associated mailing list:

  https://lists.mozilla.org/listinfo/dev-tech-crypto

and via the web at:

  http://groups.google.com/group/mozilla.dev.tech.crypto/topics
(Reporter)

Comment 10

11 years ago
(In reply to comment #8)
> Independent of approval process, for technical testing purposes: Could you
> please supply an https:// URL to an example SSL server (customer or demo) that
> uses a server cert issued (directly or through intermediates) by this root?
> Should you request multiple roots to be enabled for EV, please provide one
> example URL for each root. Thank you.
> 

https://xgcatest.trustwave.com/

-----BEGIN CERTIFICATE-----
MIIEVDCCAzygAwIBAgIDAjRzMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJV
UzEeMBwGA1UECxMVd3d3LnhyYW1wc2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFt
cCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTArBgNVBAMTJFhSYW1wIEdsb2JhbCBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wODAxMjUxNTIwMjFaFw0wOTAxMjUx
NTIwMjFaMIHVMRAwDgYDVQQFEwczOTM5NzM3MRMwEQYLKwYBBAGCNzwCAQMTAlVT
MRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRswGQYDVQQPExJWMS4wLCBDbGF1
c2UgNS4oZCkxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UE
BxMHQ2hpY2FnbzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMR8w
HQYDVQQDExZ4Z2NhdGVzdC50cnVzdHdhdmUuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQCteC7dPuP2hftEMsnZyKVs4YuTZ+H1r+BicrN4M8V0zCbsHMk7
MSL4M0q43gghVioKoeiAsVb/fIuQQpO+NDbM9LYoKU0jK2ARLqY2CLBRephE0rhw
+V3Gc2zGdqskjCW/iSE6pKkRMzmxUf/84ek1USbXTX2ly95aWQIZMNyC/wIDAQAB
o4IBADCB/TAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMZPoj0GY4QJnM5i5ASs
jVy16bYbMB0GA1UdDgQWBBTsmytLBuGYjk1M263PmnA8IcP4HzALBgNVHQ8EBAMC
BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDov
L2NybC5zZWN1cmV0cnVzdC5jb20vWEdDQS5jcmwwVQYDVR0gBE4wTDBKBgxghkgB
hv1kAQECBAEwOjA4BggrBgEFBQcCARYsaHR0cDovL3d3dy5zZWN1cmV0cnVzdC5j
b20vbGVnYWwvaXNzdWVyLmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAEv3qBpZOxN5
MfZXk17FP/I3SFl3Czgg9Aa7NcGM1vp0/bngnWtkwoxg1u8RwPSEA5SBZfF2wczE
jAmPIMZtGraqU6A0jsNTCbWoLh/c60N3i/gwlLsfj3K7zaegjviDERIfy8omzfzs
OCzFFgE6HS4rGZHoAkU6tdTMXS/eFPI9tiSqYrmX97MGfGOhgx+BxYezBhDEfCg0
d0HkUZutOtXiBbCPRVO+4ZdjnBdmSGgN2OniL94RkpzIm2OuDvNQUshg4NaCl3UX
4ENjLNBzcvdeQCNWkGqzlTv39HJpUhyUZ3d/VGzJPlRj1NGGWrPYURvabHMg+BYj
Vbh6otn6S5A=
-----END CERTIFICATE-----
(Reporter)

Comment 11

11 years ago
Correction, the certificate and testsite above is for bug 409840.

The following is correct for this bug entry:

https://sgcatest.trustwave.com

-----BEGIN CERTIFICATE-----
MIIEGzCCAwOgAwIBAgIDB2VnMA0GCSqGSIb3DQEBBQUAMEoxCzAJBgNVBAYTAlVT
MSAwHgYDVQQKExdTZWN1cmVUcnVzdCBDb3Jwb3JhdGlvbjEZMBcGA1UEAxMQU2Vj
dXJlIEdsb2JhbCBDQTAeFw0wODAxMjUxNTM0NTFaFw0wOTAxMjUxNTM0NTFaMIHV
MRAwDgYDVQQFEwczOTM5NzM3MRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYB
BAGCNzwCAQITCERlbGF3YXJlMRswGQYDVQQPExJWMS4wLCBDbGF1c2UgNS4oZCkx
CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2Fn
bzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMR8wHQYDVQQDExZz
Z2NhdGVzdC50cnVzdHdhdmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCWAM+MFEzJiX3AJSlgUG60s1axCohAoxRYDEQYnfaHWEXPuNWmvUwvjhQ0YzX5
jpXRNAmah3katX2hmRjO0MMtC1mMqp2VOvMyov8yQ0NjmiPPOimZJ5Y9SdhxOP2t
n67ac0cXz+ZUN0IXaukkV8CknumYuPd7DdaieU3HI/opBwIDAQABo4IBADCB/TAM
BgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFK9EBMJBfkiD2045AuzshHrmzsmkMB0G
A1UdDgQWBBRS0O3tacTgfNy3Xoo2BAakPaZpCjALBgNVHQ8EBAMCBaAwEwYDVR0l
BAwwCgYIKwYBBQUHAwEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1
cmV0cnVzdC5jb20vU0dDQS5jcmwwVQYDVR0gBE4wTDBKBgxghkgBhv1kAQECBAEw
OjA4BggrBgEFBQcCARYsaHR0cDovL3d3dy5zZWN1cmV0cnVzdC5jb20vbGVnYWwv
aXNzdWVyLmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAJ2IYP/DW0z1OeI9Rm4D6mCs
LPweKHZgWaL1UVogR0BN+Dd41iJO2dJSOtFj0cfmVdku0sOMvhAE2BmWHFPCgTVx
uWqowA/0yvVL/DIpypu7w6PNIjQVhr9M/jxM6vBonVcnanxdjOu/HrHm0lbt1fMp
d1HfXwFdRr7idWlD8xqrXi4yLfQR4sjhP3pjG3QIopOOMBzmNyqfE9XeqGXAT41R
9+Wun4zIE8BA1CxQByV1J5IrJorLhk9G1wiqLfPcEuNSvqCO27gKeYTTreQQlngr
wOmOsPv959/odvz6CKc7Kl5jONe5nRxuAhQQrU2yjleh0Q38x62J9BmJ3S4492w=
-----END CERTIFICATE-----
(Assignee)

Comment 12

11 years ago
The comment period has ended and there are no outstanding issues or questions,
so I'm formally approving this Trustwave request to add the "Secure Global CA" root and enable it for EV use. I'll proceed to file bugs against NSS and PSM for the actual changes.
(Assignee)

Comment 13

11 years ago
Filed bug 418907 to add the root cert and 418910 to EV enable it. Marking this bug as dependent just on bug 418910, since bug 418910 already depends on bug 418907.
Depends on: 418910
shortening summary
Summary: Please add the Trustwave "Secure Global CA" root certificate and mark for EV → add Trustwave "Secure Global CA" EV root
Whiteboard: EV → EV - inclusion approved
(Assignee)

Updated

11 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED

Comment 17

5 years ago
Publicly-disclosed intermediate certs - updated

Updated

2 years ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.