Closed Bug 449393 Opened 14 years ago Closed 14 years ago

Add WellsSecure Public Root Certificate Authority root to NSS


(NSS :: Libraries, enhancement)

Not set


(Not tracked)



(Reporter: hecker, Assigned: KaiE)



Per bug 428390 I have approved the request from Wells Fargo to add its WellsSecure Public Root Certificate Authority certificate to NSS with the SSL trust bit (only) enabled.

The relevant information for the new root CA cert is as follows:

Name: WellsSecure Public Root Certificate Authority

SHA-1 fingerprint:
E7 B4 F6 9D 61 EC 90 69 DB 7E 90 A7 40 1A 3C F4 7D 4F E8 EE

Root cert URL:

Trust bits: SSL (only)

Gordon, can you please do a final confirmation that this is the correct root?
Blocks: 449394

I confirm that the root requested for inclusion contains the 
Common Name:
WellsSecure Public Root Certificate Authority

Sha-1 fingerprint:
e7 b4 f6 9d 61 ec 90 69 db 7e 90 a7 40 1a 3c f4 7d 4f e8 ee

thank you!

Depends on: 449883
Please verify that our intended code change works as expected.
Please get Firefox 2 for Windows, move away file nssckbi.dll, get attachment 333022 [details], unzip it and place nssckbi.dll into your firefox 2 installation directory.
When you do this you should be able to open certificate manager and find the new root.
No feedback, no inclusion.
(In reply to comment #3)
> No feedback, no inclusion.


Was the request in comment #2 for Wells Fargo? If so, I will test this morning, as soon as possible!

~Gordon Young
Wells Fargo
Gordon, yes comment 2 was for Wells Fargo.
Before we add a new root, we require that you confirm that our intended changes match your expectations, because we have had some confusion in the past when we skipped this step.

Basically get firefox 2, drop in the provided test dll, and test whether the new root is present as expected and works as expected.


(Usually Frank pastes a much longer set of instructions in his original bug comment, which includes mentioning this step)

The update works as expected! A basic test using the attached library, calling an internal test site that chains up to the root for inclusion was a sucess.

I verify/confirm that the requested code change does work as intended by Wells Fargo.

~Gordon Young
Wells Fargo 
For Frank or Kai:

Will a test for FF v3 be provided, should it be assumend that the same code change will happen in v3? As well will we be able to test for EV SSL meta data and EV SSL visual indicator?

Gordon, at this time we do not provide binary builds that allow you to test EV, because that is not limited to NSS, it would require a full firefox application build. Too much work.

But did you see my comment and request in bug 449394? I ask that you please provide a link to a sample site so that I can do a basic EV test.
Hi Kai,

Per 449394:

Please try this site:

Thanks Gordon. All future discussion regarding EV should take place in bug 449394.
Marking fixed, the code change was done in bug 449883.
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.