This bug requests inclusion in the NSS root certificate store of the following certificate, owned by S-TRUST. Friendly name: S-TRUST Authentication and Encryption Root CA 2005:PN Certificate location: http://www.s-trust.de/service_support/zertifikatsmanagement/verzeichnisdienste/download_wurzelzertifikate/ordner_crt_dateien/authentication.crt SHA1 Fingerprint: BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 Trust flags: Email Test URL: https://bugzilla.mozilla.org/attachment.cgi?id=357849 This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate approved for inclusion in bug 370627. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below. 2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Marcus, Please see #1 above.
Herewith I confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. We will use MS XP professional to perform the verification. Thanks to all who participated in this process and this bug for your support. Marcus
Component: Libraries → CA Certificates
QA Contact: libraries → root-certs
Could you please send a signed S/Mime test email to my email account, which was signed using a cert issued by this new CA? Thanks.
A test firefox build is available here: Please verify it contains your root CA cert with the correct trust flags. You may be able to import one of your test email certificates (exclude private key) and look at it with cert viewer. It should be reported as verified. https://build.mozilla.org/tryserver-builds/2009-03-11_10:email@example.com/ Please give feedback whether it looks right. Thanks.
20 days have passed and no feedback received.
Dear board-members, what is the status of the implementation of our S-TRUST CA? I can´t download the test firefox. What is our part to finish this process ? Thanks for your sopport Marcus
Kai, can you please provide another tryserver build? Markus, when the try build is available again, follow the instructions from comment 4 (rather soonish, since tryserver builds happen to disappear after a short amount of time).
In reply to comment 0, > Friendly name: > S-TRUST Authentication and Encryption Root CA 2005:PN Friendly names cannot have ':' characters in them. Would the following be an acceptable alternative? S-TRUST Authentication and Encryption Root CA 2005 PN
I have attached a Windows .DLL file to bug 493660. I believe it contains the added roots requested in this bug, with the requested (or changed) trust flags, as requested in comment 0 of this bug. Please download that attachment from https://bugzilla.mozilla.org/attachment.cgi?id=378202 Check it for viruses, and then follow the instructions given in https://bugzilla.mozilla.org/show_bug.cgi?id=493660#c2 to test it out. Please report back HERE, in THIS bug, whether it contains the right cert, by the right name, with the right trust flags.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [Awaiting test confirmation from CA]
Target Milestone: --- → 3.12.4
Fixed by checkin of patch for bug 493660. Will be in FF 3.5
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
After chanching the dll in Mozilla Firefox our aut/enc certificate seems to be included correctly. (Using FF version 3.0.11)
You need to log in before you can comment on or make changes to this bug.