Closed Bug 519904 Opened 16 years ago Closed 10 years ago

Add Wifi4india Root Certificates

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: administrator, Assigned: kathleen.a.wilson)

References

(
URL
)

Details

(Whiteboard: information incomplete)

Attachments

(1 file, 1 obsolete file)

Root CA and Intermediate CA Certificates
4.15 KB, application/zip
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 FileshuntToolbar/1.0.1 Firefox/3.5.3 (.NET CLR 3.5.30729) Build Identifier: This is regarding to Inclusion of our root CA Certificates in Mozilla products. Reproducible: Always
Attached file Wifi4india CA's Certificates (obsolete) —
Are you aware of Mozilla's CA Certificate Policy? See http://www.mozilla.org/projects/security/certs/policy/ and in particular number 14 for the information required to be submitted with this request.
Assignee: nobody → kathleen95014
Component: Tracking → CA Certificates
Product: Core → mozilla.org
QA Contact: chofmann → ca-certificates
Version: unspecified → other
Summary: CA root Certificate Inclusion in Mozilla products → Wifi4india root Certificate Inclusion in Mozilla products
Thank you for your interest in including your root certificates in Mozilla. Please see https://wiki.mozilla.org/CA:How_to_apply for a description of the process, and https://wiki.mozilla.org/CA:Information_checklist for the list of information that needs to be provided. I see that the attached .rar file contains 7 root certificates. Please explain the benefit of including each root in Mozilla, and identify which trust bits you would request for each root. Mozilla supports the following three trust bits: Websites (SSL/TLS), Email (S/MIME), Code Signing.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: Wifi4india root Certificate Inclusion in Mozilla products → Add Wifi4india Root Certificates
(In reply to comment #3) > Thank you for your interest in including your root certificates in Mozilla. > > Please see https://wiki.mozilla.org/CA:How_to_apply for a description of the > process, and https://wiki.mozilla.org/CA:Information_checklist for the list of > information that needs to be provided. > > I see that the attached .rar file contains 7 root certificates. Please explain > the benefit of including each root in Mozilla, and identify which trust bits > you would request for each root. Mozilla supports the following three trust > bits: Websites (SSL/TLS), Email (S/MIME), Code Signing. Dear Mr. Wilson, Thanks for your comment we have different levels of CA CLASS 1,2,3 of SSL/TLS and in other Class 1,2,3 for Email S/MIME digital signature and code signing and Class 1,2,3 for VPN connectivity. regards, Wifi4india Administrator
I see. Class 1, 2, and 3 are 1024-bit, 2048-bit, and 4096-bit respectively. The SSL/TLS roots are: CN = Wifi4india Class 1 Certification Authority CN = Wifi4india Class 2 Certification Authority CN = Wifi4india Class 3 Certification Authority The Email S/MIME and code-signing roots are CN = Wifi4india Class 1 Digital Signature Certification Authority CN = Wifi4india Class 2 Digital Signature Certification Authority CN = Wifi4india Class 3 Digital Signature Certification Authority The VPN root is 1024-bit: CN = Wifi4india VPN Secure Server Certification Authority All of these roots were created at the end of July, 2009. http://www.mozilla.org/projects/security/certs/policy/ requires that included CAs "provide some service relevant to typical users of our software products". Does Wifi4india offer certificates from these roots to the general public? Or to some subset of it? http://www.mozilla.org/projects/security/certs/policy/ (sections 8, 9, and 10) requires a publishable statement from an auditor (who meets the policy requirements) that states that they have reviewed the practices as outlined in the CP/CPS for these roots, and that the CA does indeed follow the documented practices and meets the requirements of one of: ETSI TS 101 456 ETSI TS 102 042 WebTrust Principles and Criteria for Certification Authorities Have these roots been audited as per the Mozilla CA Policy requirements?
(In reply to comment #5) > I see. Class 1, 2, and 3 are 1024-bit, 2048-bit, and 4096-bit respectively. > > The SSL/TLS roots are: > CN = Wifi4india Class 1 Certification Authority > CN = Wifi4india Class 2 Certification Authority > CN = Wifi4india Class 3 Certification Authority > > The Email S/MIME and code-signing roots are > CN = Wifi4india Class 1 Digital Signature Certification Authority > CN = Wifi4india Class 2 Digital Signature Certification Authority > CN = Wifi4india Class 3 Digital Signature Certification Authority > > The VPN root is 1024-bit: > CN = Wifi4india VPN Secure Server Certification Authority > > All of these roots were created at the end of July, 2009. > > http://www.mozilla.org/projects/security/certs/policy/ requires that included > CAs "provide some service relevant to typical users of our software products". > Does Wifi4india offer certificates from these roots to the general public? Or > to some subset of it? > > http://www.mozilla.org/projects/security/certs/policy/ (sections 8, 9, and 10) > requires a publishable statement from an auditor (who meets the policy > requirements) that states that they have reviewed the practices as outlined in > the CP/CPS for these roots, and that the CA does indeed follow the documented > practices and meets the requirements of one of: > ETSI TS 101 456 > ETSI TS 102 042 > WebTrust Principles and Criteria for Certification Authorities > > Have these roots been audited as per the Mozilla CA Policy requirements? Dear Mr. Wilson, As you mention the information is OK and accepted. earlier we have 5 years of CA certs which are expired these certs are new and all certs life are approx MM/DD/YY (7/26/2034). Will provide you the the audit reports also if needed. any other comments... please.
OK. Please provide the information that is asked for in https://wiki.mozilla.org/CA:Information_checklist
(In reply to comment #7) > OK. Please provide the information that is asked for in > https://wiki.mozilla.org/CA:Information_checklist 1. General information about the CA’s associated organization (i.e., the company, nonprofit organization, or government agency operating the CA), including.. Name: Wifi4india Website URL: http://www.wifi4india.com Organizational type: Private Corporation Primary market / customer base: World Wide 2. For each root CA whose certificate is to be included in Mozilla (or whose metadata is to be modified): The name of the root CA: Wifi4india Class 1 Certification Authority The root CA certificate: https://www.wifi4india.com/server/root_ca/all_classes The X.509 certificate version: 3 SHA-1 fingerprint: 45 8a 8e 66 86 0d 6c f9 ee 09 35 0b de 00 c0 70 c5 72 2b fd Type of signing key: RSA Signing key parameters: 1024 bits Valid from (YYYY-MM-DD): 2009-08-01 Valid to (YYYY-MM-DD): 2034-07-26 A description of the PKI hierarchy rooted at or otherwise associated with this root CA certificate, including: Any subordinate CAs operated by the CA organization associated with the root CA: We directly issue certs from our master CA we dont have any subordinate to issue certs all certs are issued directly from Wifi4india. Any subordinate CAs operated by third parties: No our CA's are directly operated by Wifi4india. Any other roots for which this root CA has issued cross-signing certificates: NO Whether certificates are issued for any of the following purposes within the hierarchy rooted at this root CA certificate Certificates usable for enabling web or other servers to support SSL/TLS connections: We issue certs to enable secure connection for web servers like IIS, Apache, FTP Servers. Certificates usable for signing and encrypting email messages (e.g., using S/MIME): We issue certs to sign and encrypt the email transmission. Certificates usable for digitally signing executable code objects: We issue certs to software venders to sign their software packages and files. CRL list download URL: https://www.wifi4india.com/server/root_ca/all_classes/crl_list
Please provide url's to the CP/CPS and audits. CP/CPS: The published document(s) describing how certificates are issued within the hierarchy rooted at this root, as well as other practices associated with the root CA and other CAs in the hierarchy, including in particular the Certification Practice Statement(s) (CPS) and related documents. (These documents should be available at publicly accessible URLs, and should be in English or available in English translation.) Audit: The published document(s) relating to independent audit(s) of the root CA and any CAs within the hierarchy rooted at the root. (For example, for WebTrust for CAs audits this would be the "audit report and management assertions" document available from the webtrust.org site or elsewhere.)
Severity: normal → enhancement
(In reply to comment #9) > Please provide url's to the CP/CPS and audits. > > CP/CPS: The published document(s) describing how certificates are issued within > the hierarchy rooted at this root, as well as other practices associated with > the root CA and other CAs in the hierarchy, including in particular the > Certification Practice Statement(s) (CPS) and related documents. (These > documents should be available at publicly accessible URLs, and should be in > English or available in English translation.) > > Audit: The published document(s) relating to independent audit(s) of the root > CA and any CAs within the hierarchy rooted at the root. (For example, for > WebTrust for CAs audits this would be the "audit report and management > assertions" document available from the webtrust.org site or elsewhere.) Here is the URL for CPS https://www.wifi4india.com/server/root_ca/all_cps/ Here is the URL for Audit https://www.wifi4india.com/server/root_ca/audit_2008_2009/ Our certs are audit every year by Maxnet Business Solutions and certified certificate is available on the website on the above given url.
> Here is the URL for CPS https://www.wifi4india.com/server/root_ca/all_cps/ When I go to that website, there is a link that says "Click Here to Download CPS", and the link is to https://www.wifi4india.com/server/root_ca/all_cps/ So, of course, it does nothing but take me to the page I'm already on. The audit link has the same problem. Please reply here when both have been fixed.
Whiteboard: information incomplete
(In reply to comment #11) > > Here is the URL for CPS https://www.wifi4india.com/server/root_ca/all_cps/ > > When I go to that website, there is a link that says "Click Here to Download > CPS", and the link is to https://www.wifi4india.com/server/root_ca/all_cps/ > So, of course, it does nothing but take me to the page I'm already on. > > The audit link has the same problem. > > Please reply here when both have been fixed. Dear Mr. Wilson, Our website is under maintenance the above given links will be restored as soon as possible. once it is restored it will port reply here.... thanks for your comments
> once it is restored it will port reply here Any update?
Closing this bug because it has been over a year since the CA has provided input. If the CA wishes to proceed, they may create a new bug and provide all of the information listed here: https://wiki.mozilla.org/CA:Information_checklist
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
Hi due to some technical issues we are not able to furnish the details now our CA is running and please review it once again. regards, Administrator Wifi4india Internet Services LLC
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
Hi this zip file contains the latest certificate of Root CA and Intermediate CA.
Attachment #403957 - Attachment is obsolete: true
Please follow these instructions and file a new Bugzilla bug regarding inclusion of the new root: https://wiki.mozilla.org/CA:How_to_apply#Creation_and_submission_of_the_root_CA_certificate_inclusion_request But first, please carefully review https://wiki.mozilla.org/CA:BaselineRequirements and make sure you have appropriate public-facing documentation and audit statements before starting the new request.
Status: REOPENED → RESOLVED
Closed: 14 years ago10 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: