Closed
Bug 487647
Opened 15 years ago
Closed 15 years ago
Add Deutsche Telekom Root CA 2 root certificate to NSS
Categories
(NSS :: CA Certificates Code, task, P2)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.4
People
(Reporter: kathleen.a.wilson, Assigned: nelson)
References
Details
(Whiteboard: [CA Confirmed])
Attachments
(1 file)
931 bytes,
application/octet-stream
|
Details |
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by T-Systems, a wholly-owned subsidiary of Deutsche Telekom AG. Friendly name: Deutsche Telekom Root CA 2 Certificate location: http://wwwca.telesec.de/cgi-bin/caservice/Common/InstallRoot/DT-Root-CA-2.cer SHA1 Fingerprint: 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF Trust flags: All Test URL: I was using https://www.pki.dfn.de/ as the test url, but now this is doing a re-direct to http. Wolfgang, please provide a url to a website whose cert chains up to this root. This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate approved for inclusion in bug 378882. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below. 2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Reporter | ||
Comment 1•15 years ago
|
||
Wolfgang, please see #1 above.
Comment 2•15 years ago
|
||
Hello, here are some more URLs for testing: https://webmail.tu-clausthal.de/ https://webmail.uni-weimar.de/ https://webmail.tu-berlin.de/ https://webmail.uni-jena.de/imp/ they all (currently) chain up to the Telekom root.
Comment 3•15 years ago
|
||
Kathleen, sorry for not answering to that comment directly. Yes, the data stated in this bug are correct, also the attached certificate. We would like to have the NSS tested primarily on Windows XP. Vista and Linux would be the next ones, if you do additional tests. Kind regards T-Systems Enterprise Services GmbH ICTO, CSS, Professional Services & Solutions Wolfgang Pietrus Senior IT-Architekt Pallaswiesenstr. 178, D-64293 Darmstadt +49 6151 818-6113 (Tel) +49 6151 818-652 (Fax) E-mail: Wolfgang.Pietrus@t-systems.com http://www.t-systems.com T-Systems Enterprise Services GmbH Supervisory Board: René Obermann (Chairman) Board of Management: Reinhard Clemens (Chairman), Olaf Heyden, Joachim Langmack, Dr. Matthias Schuster, Klaus Werner Commercial register: Amtsgericht Frankfurt am Main HRB 55933 Registered office: Frankfurt am Main WEEE -Reg.-No. DE87523644
Assignee | ||
Comment 4•15 years ago
|
||
Assignee | ||
Comment 5•15 years ago
|
||
I have attached a Windows .DLL file to bug 493660. I believe it contains the added roots requested in this bug, with the requested (or changed) trust flags, as requested in comment 0 of this bug. Please download that attachment from https://bugzilla.mozilla.org/attachment.cgi?id=378202 Check it for viruses, and then follow the instructions given in https://bugzilla.mozilla.org/show_bug.cgi?id=493660#c2 to test it out. Please report back HERE, in THIS bug, whether it contains the right cert, by the right name, with the right trust flags.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [Awaiting test confirmation from CA]
Target Milestone: --- → 3.12.4
Comment 6•15 years ago
|
||
Nelson, we have performed some tests and have found no problems so far. With that we can say that it is the right certificate, the right name the trust flags we requested the trust chain works properly. Best regards Wolfgang Pietrus T-Systems
Assignee | ||
Updated•15 years ago
|
Whiteboard: [Awaiting test confirmation from CA] → [CA Confirmed]
Assignee | ||
Comment 7•15 years ago
|
||
Fixed by checkin of patch for bug 493660. Will be in FF 3.5
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•