Closed
Bug 467138
Opened 16 years ago
Closed 15 years ago
Add WISeKey root CA certificate to NSS
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.4
People
(Reporter: hecker, Assigned: KaiE)
References
Details
Attachments
(1 file)
|
1013 bytes,
application/x-x509-ca-cert
|
Details |
This bug requests inclusion in the NSS root certificate store of the following root CA certificate, owned by WISeKey SA: Friendly name: "OISTE WISeKey Global Root GA CA" SHA-1 fingerprint: 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9 Trust flags: Email, Web sites URL: http://public.wisekey.com/crt/owgrgaca.crt The certificate(s) themselves will be attached momentarily, as downloaded from the URLs above and verified using the stated fingerprints. The OISTE WISeKey Global Root GA CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion per bug 371362. The remaining steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. 2) A Mozilla representative provides software and instructions for testing that the certificate(s) have been correctly included. A representative of the CA must download the software, follow the instructions, and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that SSL-enabled websites and other functions work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate(s). This process is mostly under the control of the release drivers for those products.
|
Reporter | |
Comment 1•16 years ago
|
||
Attached the WISeKey root CA certificate
In accordance with 1) I confirm on behalf of WISeKey that the data in the bug is correct, and the attached certificate is correct. Kevin Blackman, WISeKey SA
|
||
Updated•15 years ago
|
Component: Libraries → CA Certificates
QA Contact: libraries → root-certs
Version: unspecified → trunk
|
Assignee | |
Comment 3•15 years ago
|
||
Could you please provide a test URL, https address pointing to a server that uses a cert issued by this CA? Thanks.
(In reply to comment #3) > Could you please provide a test URL, https address pointing to a server that > uses a cert issued by this CA? Thanks. As requested:- https://secure.certifyid.com/certifyid/accounts/
|
|
Assignee | |
Comment 5•15 years ago
|
||
A test firefox build is available here: Please verify it contains your root CA cert with the correct trust flags. You should be able to connect to your test server. https://build.mozilla.org/tryserver-builds/2009-03-11_10:52-kaie@kuix.de-kaie-evroots-0903/ Please give feedback whether it looks correct. Thanks.
(In reply to comment #5) > Please give feedback whether it looks correct. > Thanks. It works properly, and has the correct test flags. However the Mozilla test build reports "Verified by Wisekey", whilst its the "OISTE WISeKey Root"... OISTE is the foundation that owns the private key, and Wisekey is the operating company. Can the Friendly Name be "OISTE WISeKey", and thus "verified by OISTE WISeKey" ? If yes then please let it be so. If not then we accept it as is.
|
|
Assignee | |
Comment 8•15 years ago
|
||
The friendly name we used is "OISTE WISeKey Global Root GA CA". This is not what you see displayed. I believe we display the O (organization) field from the root's subject name when you see "Wisekey" displayed.
|
||
Comment 9•15 years ago
|
||
Additionally it displays the intermediate CAs organization name, not the root. We've been discussing to have that changed though, albeit no decision has been taken as far as I know. Frank, is this something we should do?
|
||
Comment 10•15 years ago
|
||
OK, that answers my question. Everything A-ok on this side.
|
|
||
Comment 11•15 years ago
|
||
(In reply to comment #9) > Additionally it displays the intermediate CAs organization name, not the root. > We've been discussing to have that changed though, albeit no decision has been > taken as far as I know. Is there a bug about that? If so, what number?
|
|
||
Comment 12•15 years ago
|
||
Now there is: bug 483031
|
|
Assignee | |
Comment 13•15 years ago
|
||
fixed with the patch in bug 487718
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•15 years ago
|
Target Milestone: --- → 3.12.4
You need to log in
before you can comment on or make changes to this bug.
Description
•