Closed Bug 486759 Opened 15 years ago Closed 15 years ago

Add Three TC TrustCenter root certificates to NSS

Categories

(NSS :: CA Certificates Code, task, P2)

Product:
NSS
Component:
CA Certificates Code
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: kathleen.a.wilson, Assigned: nelson)

References

Details

(Whiteboard: [CA confirmed])

Attachments

(4 files)

TC TrustCenter Class 2 CA II (DER)
1.17 KB, application/octet-stream
Details
TC TrustCenter Class 3 CA II (DER)
1.17 KB, application/octet-stream
Details
TC TrustCenter Universal CA I (DER)
993 bytes, application/octet-stream
Details
Certificate has been verified for
22.08 KB, image/png
Details 
This bug requests inclusion in the NSS root certificate store of the following three certificates, owned by TC TrustCenter.

Friendly name: TC TrustCenter Class 2 CA II
Certificate location: 
http://www.trustcenter.de/media/class_2_ii.der
SHA1 Fingerprint: 
AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E
Trust flags: all
Test URL: 
https://testserver.class2-ii.trustcenter.de/

Friendly name: TC TrustCenter Class 3 CA II
Certificate location: 
http://www.trustcenter.de/media/class_3_ii.der
SHA1 Fingerprint: 
80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5
Trust flags: all
Test URL: 
https://testserver.class3-ii.trustcenter.de/

Friendly name: TC TrustCenter Universal CA I
Certificate location: 
http://www.trustcenter.de/media/Universal_CA-I.der
SHA1 Fingerprint: 
6B:2F:34:AD:89:58:BE:62:FD:B0:6B:5C:CE:BB:9D:D9:4F:4E:39:F3
Trust flags: all
Test URL: 
https://testserver.universal-i.trustcenter.de/

This CA has been assessed in accordance with the Mozilla project guidelines,and the certificate approved for inclusion in bug 392024.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate. This process is mostly under the
control of the release drivers for those products.
Rolf, Please see step #1 above.
The data in this bug is correct.
We prefer to test on Windows XP.
Depends on: 493660
I have attached a Windows .DLL file to bug 493660.  I believe it contains
the added roots requested in this bug, with the requested (or changed) trust
flags, as requested in comment 0 of this bug.  

Please download that attachment from 
https://bugzilla.mozilla.org/attachment.cgi?id=378202
Check it for viruses, and then follow the instructions given in 
https://bugzilla.mozilla.org/show_bug.cgi?id=493660#c2 
to test it out.  Please report back HERE, in THIS bug, whether it contains
the right cert, by the right name, with the right trust flags.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [Awaiting test confirmation from CA]
Target Milestone: --- → 3.12.4
The settings displayed in "Edit CA certificate trust settings" are correct for the three new root certificates.

Are the values displayed under "The certificate has been verified for the following uses" (when "view"ing the root certificates) related to the key usage extension and independent from the "trust settings"?
This is the O field in the subject DN of the issuer CA. Assuming this to be an intermediate CA...
I was referring to the field containing e.g. "SSL Certificate Authority" etc.
The certificates and certificate names are correct.
(In reply to comment #10)
> I was referring to the field containing e.g. "SSL Certificate Authority" etc.

I see "TC TrustCenter GmbH"...

BTW, I visited https://testserver.class2-ii.trustcenter.de/ and it appears to me that the certificate is directly issued from the CA root. Is this according to your declared CA policies?
In reply to comments 8-12, 
Eddy, I believe Rolf is referring to the words that appear at the top of 
the "general" tab in the cert viewer dialog.

Rolf, I don't yet know the answer to your question from comment 8. 
The answer may depend on the version of Firefox (or NSS) being used.
Whiteboard: [Awaiting test confirmation from CA] → [CA confirmed]
This is the screenshot related to comment 8
Fixed by checkin of patch for bug 493660.  Will be in FF 3.5
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: