This bug requests inclusion in the NSS root certificate store of the following root CA certificate, owned by WISeKey SA: Friendly name: "OISTE WISeKey Global Root GA CA" SHA-1 fingerprint: 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9 Trust flags: Email, Web sites URL: http://public.wisekey.com/crt/owgrgaca.crt The certificate(s) themselves will be attached momentarily, as downloaded from the URLs above and verified using the stated fingerprints. The OISTE WISeKey Global Root GA CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion per bug 371362. The remaining steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. 2) A Mozilla representative provides software and instructions for testing that the certificate(s) have been correctly included. A representative of the CA must download the software, follow the instructions, and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that SSL-enabled websites and other functions work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate(s). This process is mostly under the control of the release drivers for those products.
Created attachment 350552 [details] OISTE WISeKey Global Root GA CA certificate Attached the WISeKey root CA certificate
In accordance with 1) I confirm on behalf of WISeKey that the data in the bug is correct, and the attached certificate is correct. Kevin Blackman, WISeKey SA
Could you please provide a test URL, https address pointing to a server that uses a cert issued by this CA? Thanks.
(In reply to comment #3) > Could you please provide a test URL, https address pointing to a server that > uses a cert issued by this CA? Thanks. As requested:- https://secure.certifyid.com/certifyid/accounts/
A test firefox build is available here: Please verify it contains your root CA cert with the correct trust flags. You should be able to connect to your test server. https://build.mozilla.org/tryserver-builds/2009-03-11_10:firstname.lastname@example.org/ Please give feedback whether it looks correct. Thanks.
(In reply to comment #5) > Please give feedback whether it looks correct. > Thanks. It works properly, and has the correct test flags. However the Mozilla test build reports "Verified by Wisekey", whilst its the "OISTE WISeKey Root"... OISTE is the foundation that owns the private key, and Wisekey is the operating company. Can the Friendly Name be "OISTE WISeKey", and thus "verified by OISTE WISeKey" ? If yes then please let it be so. If not then we accept it as is.
Correction: It has the correct TRUST flags.
The friendly name we used is "OISTE WISeKey Global Root GA CA". This is not what you see displayed. I believe we display the O (organization) field from the root's subject name when you see "Wisekey" displayed.
Additionally it displays the intermediate CAs organization name, not the root. We've been discussing to have that changed though, albeit no decision has been taken as far as I know. Frank, is this something we should do?
OK, that answers my question. Everything A-ok on this side.
(In reply to comment #9) > Additionally it displays the intermediate CAs organization name, not the root. > We've been discussing to have that changed though, albeit no decision has been > taken as far as I know. Is there a bug about that? If so, what number?
Now there is: bug 483031
fixed with the patch in bug 487718