Closed Bug 426575 Opened 14 years ago Closed 14 years ago

Enable Comodo's AddTrust External CA, UTN - DATACorp SGC, and UTN-USERFirst-Hardware roots for EV

Categories

(Core :: Security: PSM, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: hecker, Assigned: KaiE)

References

Details

Per bug 401587 I've approved enabling Comodo's existing AddTrust External CA, UTN - DATACorp SGC, and UTN-USERFirst-Hardware roots for Extended Validation use. The corresponding EV policy OID is 1.3.6.1.4.1.6449.1.2.1.5.1 for all three roots.

The CA should verify that the above EV policy OID is correct.
Depends on: 425518
This bug does not match any fingerprints, so I had to guess which certs are requested to be blessed. I'll shortly attach a snippet. Please verify that the SHA1 fingerprints and full subject names listed match the intended certificates.
+  {
+    // CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+    "1.3.6.1.4.1.6449.1.2.1.5.1",
+    "Comodo EV OID",
+    SEC_OID_UNKNOWN,
+    "02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68",
+    "MG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMd"
+    "QWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0"
+    "IEV4dGVybmFsIENBIFJvb3Q=",
+    "AQ==",
+    nsnull
+  },
+  {
+    // CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+    "1.3.6.1.4.1.6449.1.2.1.5.1",
+    "Comodo EV OID",
+    SEC_OID_UNKNOWN,
+    "58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4",
+    "MIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr"
+    "ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsT"
+    "GGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNv"
+    "cnAgU0dD",
+    "RL4Mi1AAIbQR0ypoBqmtaQ==",
+    nsnull
+  },
+  {
+    // CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+    "1.3.6.1.4.1.6449.1.2.1.5.1",
+    "Comodo EV OID",
+    SEC_OID_UNKNOWN,
+    "04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7",
+    "MIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr"
+    "ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsT"
+    "GGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz"
+    "dC1IYXJkd2FyZQ==",
+    "RL4Mi1AAJLQR0zYq/mUK/Q==",
+    nsnull
+  },


The patch to add this is in bug 425518.
Please speak up if you think the above information is wrong.
(in reply to comment #1)
> This bug does not match any fingerprints, so I had to guess which certs are
> requested to be blessed.

Kai, you guessed correctly.  :-)

(in reply to comment #2)
> Please speak up if you think the above information is wrong.

This information is all correct.

Thanks.
This request has been completed minutes ago with the patch for bug 425518.

marking fixed
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.