Closed Bug 496193 Opened 15 years ago Closed 15 years ago

Add Chunghwa Telecom ePKI Root Certification Authority certificate to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.5

People

(Reporter: kathleen.a.wilson, Assigned: nelson)

References

Details

Attachments

(4 files)

Root Cert
1.43 KB, application/x-x509-ca-cert
Details
Add certs for bugs 496193 499705 499712 509440
88.99 KB, patch
wtc
: review+
Details | Diff | Splinter Review
zip file containing test version of nssckbi.dll
133.88 KB, application/x-zip-compressed
Details
Testing result from CHT
132.90 KB, image/jpeg
Details 
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by Chunghwa Telecom.

Friendly name: 
ePKI Root Certification Authority

Certificate location: 
http://epki.com.tw/download/ROOTeCA.cer
(will also attach)

SHA1 Fingerprint: 
67:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0

Trust flags: 
SSL, email, object signing

Test URL: 
https://epki.com.tw/index_en.htm

This CA has been assessed in accordance with the Mozilla project guidelines,
and the root certificate has been approved for inclusion in bug 448794.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate. This process is mostly under the
control of the release drivers for those products.
Attached file Root Cert 

    
    

    
  
Nien Hua, Please see step #1 above.

    
    

    
  
dear kathleen:
  All the data and the certificate in this bug are correct.
  we will use "Windows XP SP3" to perform the verification.

Regards,

Nien Hua.

    
    

    
  
Hi Kai Engert,
We have been waiting for your reply regarding the certificate testing.
I would appreciate receiving a reply soon.

Best Regards,

Nien Hua.

    
    

    
  
Taking.  Patch forthcoming.
Assignee: kaie → nelson
Status: NEW → ASSIGNED
Target Milestone: --- → 3.12.5

    
    

    
  


  
This patch adds certs for the 4 presently outstanding NSS root CA requests,
two of which involve non-ASCII UTF8 characters in the nicknames.  I have 
chosen to put only ASCII characters into the c code comments, but to use 
hex encodings (e.g. \xNN) of the utf8 characters in the nicknames. 

Wan-Teh, please review.

        Attachment #397030 -
        Flags: review?(wtc)

    
    

    
  


  
This zip file contains the DLL with the CA's certificate, for testing by 
the CA, as specified in comment 0.  Please do your usual antivirus test on 
it, as you would with any binary download, then test it and report results 
to us here in this bug.

    
    

    
  
Comment on attachment 397030 [details] [diff] [review]
Add certs for bugs 496193 499705 499712 509440

r=wtc.  (You can omit the generated certdata.c in
the patch because it's impossible to review.)

In nssckbi.h, you may want to add a comment at line 67:

  *   - NSS 3.11 branch: 60-69
- *     ...
+ *   - NSS 3.12 branch: 70-79
+ *   - NSS 3.13 branch: 80-89
  *   - NSS 3.14 branch: 90-99

    
  

        Attachment #397030 -
        Flags: review?(wtc) → review+

    
    

    
  
we are tnankful for it.
Our develop team will test the dll file today and reply the result.

    
    

    
  

      
      
      
      

        Attached image
          
        Testing result from CHT
      

    


  

    
  

        Attachment #397591 -
        Attachment description: Testing result form CHT → Testing result from CHT

    
    

    
  
I'm attaching a file in jpg format regarding the test result.
It was a successful testing.
Please contact me if you cannot read it or have any questions.

    
    

    
  
I thank the CAs for their timely testing of the DLL.

Change committed on CVS trunk.
Checking in certdata.c;   new revision: 1.57; previous revision: 1.56
Checking in certdata.txt; new revision: 1.56; previous revision: 1.55
Checking in nssckbi.h;    new revision: 1.21; previous revision: 1.20

This will be in nssckbi version 1.76, and in some future version of Firefox.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
    

    
  
Thank you for the imformation.
We are appreciate of your hard work.
Best Regards,
Nien Hua

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: