Closed
Bug 426575
Opened 17 years ago
Closed 17 years ago
Enable Comodo's AddTrust External CA, UTN - DATACorp SGC, and UTN-USERFirst-Hardware roots for EV
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
People
(Reporter: hecker, Assigned: KaiE)
References
Details
Per bug 401587 I've approved enabling Comodo's existing AddTrust External CA, UTN - DATACorp SGC, and UTN-USERFirst-Hardware roots for Extended Validation use. The corresponding EV policy OID is 1.3.6.1.4.1.6449.1.2.1.5.1 for all three roots.
The CA should verify that the above EV policy OID is correct.
Assignee | ||
Comment 1•17 years ago
|
||
This bug does not match any fingerprints, so I had to guess which certs are requested to be blessed. I'll shortly attach a snippet. Please verify that the SHA1 fingerprints and full subject names listed match the intended certificates.
Assignee | ||
Comment 2•17 years ago
|
||
+ {
+ // CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+ "1.3.6.1.4.1.6449.1.2.1.5.1",
+ "Comodo EV OID",
+ SEC_OID_UNKNOWN,
+ "02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68",
+ "MG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMd"
+ "QWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0"
+ "IEV4dGVybmFsIENBIFJvb3Q=",
+ "AQ==",
+ nsnull
+ },
+ {
+ // CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+ "1.3.6.1.4.1.6449.1.2.1.5.1",
+ "Comodo EV OID",
+ SEC_OID_UNKNOWN,
+ "58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4",
+ "MIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr"
+ "ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsT"
+ "GGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNv"
+ "cnAgU0dD",
+ "RL4Mi1AAIbQR0ypoBqmtaQ==",
+ nsnull
+ },
+ {
+ // CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+ "1.3.6.1.4.1.6449.1.2.1.5.1",
+ "Comodo EV OID",
+ SEC_OID_UNKNOWN,
+ "04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7",
+ "MIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr"
+ "ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsT"
+ "GGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz"
+ "dC1IYXJkd2FyZQ==",
+ "RL4Mi1AAJLQR0zYq/mUK/Q==",
+ nsnull
+ },
The patch to add this is in bug 425518.
Please speak up if you think the above information is wrong.
Comment 3•17 years ago
|
||
(in reply to comment #1)
> This bug does not match any fingerprints, so I had to guess which certs are
> requested to be blessed.
Kai, you guessed correctly. :-)
(in reply to comment #2)
> Please speak up if you think the above information is wrong.
This information is all correct.
Thanks.
Assignee | ||
Comment 4•17 years ago
|
||
This request has been completed minutes ago with the patch for bug 425518.
marking fixed
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•