Closed Bug 449393 Opened 12 years ago Closed 12 years ago

Add WellsSecure Public Root Certificate Authority root to NSS

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: hecker, Assigned: KaiE)

References

Details

Per bug 428390 I have approved the request from Wells Fargo to add its WellsSecure Public Root Certificate Authority certificate to NSS with the SSL trust bit (only) enabled.

The relevant information for the new root CA cert is as follows:

Name: WellsSecure Public Root Certificate Authority

SHA-1 fingerprint:
E7 B4 F6 9D 61 EC 90 69 DB 7E 90 A7 40 1A 3C F4 7D 4F E8 EE

Root cert URL:
http://crl.pki.wellsfargo.com/wsprca.crt

Trust bits: SSL (only)

Gordon, can you please do a final confirmation that this is the correct root?
Blocks: 449394
Frank,

I confirm that the root requested for inclusion contains the 
Common Name:
WellsSecure Public Root Certificate Authority

Sha-1 fingerprint:
e7 b4 f6 9d 61 ec 90 69 db 7e 90 a7 40 1a 3c f4 7d 4f e8 ee

thank you!

~Gordon
Depends on: 449883
Please verify that our intended code change works as expected.
Please get Firefox 2 for Windows, move away file nssckbi.dll, get attachment 333022 [details], unzip it and place nssckbi.dll into your firefox 2 installation directory.
When you do this you should be able to open certificate manager and find the new root.
No feedback, no inclusion.
(In reply to comment #3)
> No feedback, no inclusion.

Kai,

Was the request in comment #2 for Wells Fargo? If so, I will test this morning, as soon as possible!

~Gordon Young
Wells Fargo
Gordon, yes comment 2 was for Wells Fargo.
Before we add a new root, we require that you confirm that our intended changes match your expectations, because we have had some confusion in the past when we skipped this step.

Basically get firefox 2, drop in the provided test dll, and test whether the new root is present as expected and works as expected.

Thanks.

(Usually Frank pastes a much longer set of instructions in his original bug comment, which includes mentioning this step)
Kai,

The update works as expected! A basic test using the attached library, calling an internal test site that chains up to the root for inclusion was a sucess.

I verify/confirm that the requested code change does work as intended by Wells Fargo.

~Gordon Young
Wells Fargo 
For Frank or Kai:

Will a test for FF v3 be provided, should it be assumend that the same code change will happen in v3? As well will we be able to test for EV SSL meta data and EV SSL visual indicator?

~Gordon
Gordon, at this time we do not provide binary builds that allow you to test EV, because that is not limited to NSS, it would require a full firefox application build. Too much work.

But did you see my comment and request in bug 449394? I ask that you please provide a link to a sample site so that I can do a basic EV test.
Hi Kai,

Per 449394:

Please try this site:

https://nerys.wellsfargo.com/test.html

~Gordon
Thanks Gordon. All future discussion regarding EV should take place in bug 449394.
Marking fixed, the code change was done in bug 449883.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.