Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 490495 - Enable Object Signing Trust Bit in NSS for the StartCom Certification Authority
: Enable Object Signing Trust Bit in NSS for the StartCom Certification Authority
[CA confirmed]
Product: NSS
Classification: Components
Component: CA Certificates (show other bugs)
: trunk
: All All
: P2 enhancement (vote)
: 3.12.4
Assigned To: Nelson Bolyard (seldom reads bugmail)
Depends on: 493660
Blocks: 451298
  Show dependency treegraph
Reported: 2009-04-28 10:16 PDT by Kathleen Wilson
Modified: 2009-05-22 09:58 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---


Description Kathleen Wilson 2009-04-28 10:16:44 PDT
Per bug 451298 the request from StartCom has been approved to enable the Object/Code Signing Trust Bit for its StartCom Certification Authority root certificate. Please make the corresponding changes to NSS.

The relevant information is as follows:

Friendly name: "StartCom Certification Authority"

SHA1 Fingerprint:

Test URL:
Comment 1 Nelson Bolyard (seldom reads bugmail) 2009-05-18 17:40:47 PDT
I have attached a Windows .DLL file to bug 493660.  I believe it contains
the added roots requested in this bug, with the requested (or changed) trust
flags, as requested in comment 0 of this bug.  

Please download that attachment from
Check it for viruses, and then follow the instructions given in 
to test it out.  Please report back HERE, in THIS bug, whether it contains
the right cert, by the right name, with the right trust flags.
Comment 2 Eddy Nigg (StartCom) 2009-05-18 17:50:27 PDT
Can you add the patched certdata.c, nssckbi.h and certdata.txt (this one is most likely not needed) so I can produce a build for Linux in order to verify?
Comment 3 Nelson Bolyard (seldom reads bugmail) 2009-05-18 17:53:33 PDT
The patch you seek is attached to bug 493660.  Beware, that file has windows
line endings, which you'll have to change before you apply the patch on Linux.

The one line patch to enable your root CA is found at
Comment 4 Eddy Nigg (StartCom) 2009-05-18 17:55:51 PDT
The patch doesn't cleanly apply with the NSS version I have, that's why I asked for the modified files. :S
Comment 5 Eddy Nigg (StartCom) 2009-05-18 17:57:18 PDT
Wait, I'm fetching the latest versions...
Comment 6 Eddy Nigg (StartCom) 2009-05-18 18:26:23 PDT
Confirmed by applying the patch to the latest sources.
Comment 7 Nelson Bolyard (seldom reads bugmail) 2009-05-22 09:58:10 PDT
Fixed by checkin of patch for bug 493660.  Will be in FF 3.5

Note You need to log in before you can comment on or make changes to this bug.