Closed Bug 496193 Opened 16 years ago Closed 15 years ago

Add Chunghwa Telecom ePKI Root Certification Authority certificate to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.5

People

(Reporter: kathleen.a.wilson, Assigned: nelson)

References

Details

Attachments

(4 files)

Root Cert
1.43 KB, application/x-x509-ca-cert
Details
Add certs for bugs 496193 499705 499712 509440
88.99 KB, patch
wtc
: review+
Details | Diff | Splinter Review
zip file containing test version of nssckbi.dll
133.88 KB, application/x-zip-compressed
Details
Testing result from CHT
132.90 KB, image/jpeg
Details
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by Chunghwa Telecom. Friendly name: ePKI Root Certification Authority Certificate location: http://epki.com.tw/download/ROOTeCA.cer (will also attach) SHA1 Fingerprint: 67:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0 Trust flags: SSL, email, object signing Test URL: https://epki.com.tw/index_en.htm This CA has been assessed in accordance with the Mozilla project guidelines, and the root certificate has been approved for inclusion in bug 448794. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below. 2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Attached file Root Cert
Nien Hua, Please see step #1 above.
dear kathleen: All the data and the certificate in this bug are correct. we will use "Windows XP SP3" to perform the verification. Regards, Nien Hua.
Hi Kai Engert, We have been waiting for your reply regarding the certificate testing. I would appreciate receiving a reply soon. Best Regards, Nien Hua.
Taking. Patch forthcoming.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Target Milestone: --- → 3.12.5
This patch adds certs for the 4 presently outstanding NSS root CA requests, two of which involve non-ASCII UTF8 characters in the nicknames. I have chosen to put only ASCII characters into the c code comments, but to use hex encodings (e.g. \xNN) of the utf8 characters in the nicknames. Wan-Teh, please review.
Attachment #397030 - Flags: review?(wtc)
This zip file contains the DLL with the CA's certificate, for testing by the CA, as specified in comment 0. Please do your usual antivirus test on it, as you would with any binary download, then test it and report results to us here in this bug.
Comment on attachment 397030 [details] [diff] [review] Add certs for bugs 496193 499705 499712 509440 r=wtc. (You can omit the generated certdata.c in the patch because it's impossible to review.) In nssckbi.h, you may want to add a comment at line 67: * - NSS 3.11 branch: 60-69 - * ... + * - NSS 3.12 branch: 70-79 + * - NSS 3.13 branch: 80-89 * - NSS 3.14 branch: 90-99
Attachment #397030 - Flags: review?(wtc) → review+
we are tnankful for it. Our develop team will test the dll file today and reply the result.
Attached image Testing result from CHT
Attachment #397591 - Attachment description: Testing result form CHT → Testing result from CHT
I'm attaching a file in jpg format regarding the test result. It was a successful testing. Please contact me if you cannot read it or have any questions.
I thank the CAs for their timely testing of the DLL. Change committed on CVS trunk. Checking in certdata.c; new revision: 1.57; previous revision: 1.56 Checking in certdata.txt; new revision: 1.56; previous revision: 1.55 Checking in nssckbi.h; new revision: 1.21; previous revision: 1.20 This will be in nssckbi version 1.76, and in some future version of Firefox.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Thank you for the imformation. We are appreciate of your hard work. Best Regards, Nien Hua
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: