Closed Bug 478573 Opened 15 years ago Closed 15 years ago

Add S-TRUST Authentication and Encryption Root CA 2005:PN root certificate to NSS

Categories

(NSS :: CA Certificates Code, task, P2)

Product:
NSS
Component:
CA Certificates Code
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: kathleen.a.wilson, Assigned: nelson)

References

Details

(Whiteboard: [Awaiting test confirmation from CA])

Attachments

(1 file)

The DER cert
1.12 KB, application/octet-stream
Details 
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by S-TRUST.

Friendly name: 
S-TRUST Authentication and Encryption Root CA 2005:PN

Certificate location:
http://www.s-trust.de/service_support/zertifikatsmanagement/verzeichnisdienste/download_wurzelzertifikate/ordner_crt_dateien/authentication.crt

SHA1 Fingerprint:
BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 

Trust flags: Email

Test URL: 
https://bugzilla.mozilla.org/attachment.cgi?id=357849

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate approved for inclusion in bug 370627.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Blocks: 370627
Marcus, Please see #1 above.
Assignee: nobody → kaie
Herewith I confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. 
We will use MS XP professional to perform the verification. 
Thanks to all who participated in this process and this bug for your support. 
Marcus
Component: Libraries → CA Certificates
QA Contact: libraries → root-certs
Could you please send a signed S/Mime test email to my email account, which was signed using a cert issued by this new CA? Thanks.
A test firefox build is available here:
Please verify it contains your root CA cert with the correct trust flags.
You may be able to import one of your test email certificates (exclude private key) and look at it with cert viewer. It should be reported as verified.

https://build.mozilla.org/tryserver-builds/2009-03-11_10:52-kaie@kuix.de-kaie-evroots-0903/

Please give feedback whether it looks right.
Thanks.
20 days have passed and no feedback received.
Dear board-members, 
what is the status of the implementation of our S-TRUST CA?
I can´t download the test firefox. 
What is our part to finish this process ?
Thanks for your sopport

Marcus
Kai, can you please provide another tryserver build?

Markus, when the try build is available again, follow the instructions from comment 4 (rather soonish, since tryserver builds happen to disappear after a short amount of time).
In reply to comment 0, 
> Friendly name: 
> S-TRUST Authentication and Encryption Root CA 2005:PN

Friendly names cannot have ':' characters in them.  
Would the following be an acceptable alternative?

  S-TRUST Authentication and Encryption Root CA 2005 PN
Attached file The DER cert 
Depends on: 493660

    
    

    
  
I have attached a Windows .DLL file to bug 493660.  I believe it contains
the added roots requested in this bug, with the requested (or changed) trust
flags, as requested in comment 0 of this bug.  

Please download that attachment from 
https://bugzilla.mozilla.org/attachment.cgi?id=378202
Check it for viruses, and then follow the instructions given in 
https://bugzilla.mozilla.org/show_bug.cgi?id=493660#c2 
to test it out.  Please report back HERE, in THIS bug, whether it contains
the right cert, by the right name, with the right trust flags.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [Awaiting test confirmation from CA]
Target Milestone: --- → 3.12.4

    
    

    
  
Fixed by checkin of patch for bug 493660.  Will be in FF 3.5
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
    

    
  
After chanching the dll in Mozilla Firefox our aut/enc certificate seems to be included correctly. (Using FF version 3.0.11)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: