Add S-TRUST Authentication and Encryption Root CA 2005:PN root certificate to NSS



10 years ago
10 years ago


(Reporter: kwilson, Assigned: nelson)


Dependency tree / graph

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [Awaiting test confirmation from CA])


(1 attachment)



10 years ago
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by S-TRUST.

Friendly name: 
S-TRUST Authentication and Encryption Root CA 2005:PN

Certificate location:

SHA1 Fingerprint:

Trust flags: Email

Test URL:

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate approved for inclusion in bug 370627.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.


10 years ago
Blocks: 370627

Comment 1

10 years ago
Marcus, Please see #1 above.
Assignee: nobody → kaie

Comment 2

10 years ago
Herewith I confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. 
We will use MS XP professional to perform the verification. 
Thanks to all who participated in this process and this bug for your support. 
Component: Libraries → CA Certificates
QA Contact: libraries → root-certs
Could you please send a signed S/Mime test email to my email account, which was signed using a cert issued by this new CA? Thanks.
A test firefox build is available here:
Please verify it contains your root CA cert with the correct trust flags.
You may be able to import one of your test email certificates (exclude private key) and look at it with cert viewer. It should be reported as verified.

Please give feedback whether it looks right.
20 days have passed and no feedback received.

Comment 6

10 years ago
Dear board-members, 
what is the status of the implementation of our S-TRUST CA?
I can´t download the test firefox. 
What is our part to finish this process ?
Thanks for your sopport

Kai, can you please provide another tryserver build?

Markus, when the try build is available again, follow the instructions from comment 4 (rather soonish, since tryserver builds happen to disappear after a short amount of time).
In reply to comment 0, 
> Friendly name: 
> S-TRUST Authentication and Encryption Root CA 2005:PN

Friendly names cannot have ':' characters in them.  
Would the following be an acceptable alternative?

  S-TRUST Authentication and Encryption Root CA 2005 PN
Posted file The DER cert
Depends on: 493660
I have attached a Windows .DLL file to bug 493660.  I believe it contains
the added roots requested in this bug, with the requested (or changed) trust
flags, as requested in comment 0 of this bug.  

Please download that attachment from
Check it for viruses, and then follow the instructions given in 
to test it out.  Please report back HERE, in THIS bug, whether it contains
the right cert, by the right name, with the right trust flags.
Assignee: kaie → nelson
Priority: -- → P2
Whiteboard: [Awaiting test confirmation from CA]
Target Milestone: --- → 3.12.4
Fixed by checkin of patch for bug 493660.  Will be in FF 3.5
Last Resolved: 10 years ago
Resolution: --- → FIXED

Comment 12

10 years ago
After chanching the dll in Mozilla Firefox our aut/enc certificate seems to be included correctly. (Using FF version 3.0.11)
You need to log in before you can comment on or make changes to this bug.