Last Comment Bug 525008 - Add "CNNIC ROOT" root certificate to NSS
: Add "CNNIC ROOT" root certificate to NSS
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: CA Certificates (show other bugs)
: trunk
: All All
: -- enhancement (vote)
: ---
Assigned To: Kai Engert (:kaie)
:
Mentors:
Depends on: 527759
Blocks: 476766
  Show dependency treegraph
 
Reported: 2009-10-28 10:45 PDT by Kathleen Wilson
Modified: 2009-12-17 07:47 PST (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
CNNIC Root Cert (857 bytes, application/x-x509-ca-cert)
2009-10-28 10:45 PDT, Kathleen Wilson
no flags Details

Description Kathleen Wilson 2009-10-28 10:45:19 PDT
Created attachment 408876 [details]
CNNIC Root Cert

This bug requests inclusion in the NSS root certificate store of the following certificate, owned by the China Internet Network Information Center (CNNIC):

Friendly name: CNNIC ROOT

Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=405525

SHA1 Fingerprint: 8b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f

Trust flags: websites

Test URL: https://www.enum.cn/

This CA has been assessed in accordance with the Mozilla project guidelines, and the root certificate has been approved for inclusion in bug #476766.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate(s). This process is mostly under
the control of the release drivers for those products.
Comment 1 Kathleen Wilson 2009-10-28 10:49:57 PDT
Liu Yan, Please see step #1 above.
Comment 2 Liu Yan 2009-10-28 18:24:36 PDT
Appreciate for Kathleen's help.

I confirm that the data is correct, and the certificate is also no problem. Since most Chinese users are using Windows XP, we would like to verify the test certificate with Windows XP.
Comment 3 Kai Engert (:kaie) 2009-11-11 02:24:30 PST
Please perform the test (3) mentioned in the initial comment in this bug.

Instead of using a separate nssckbi.dll, I've produced a full test firefox build, please download from:
https://build.mozilla.org/tryserver-builds/kaie@kuix.de-bug527759/

We'll wait for you to confirm your root(s) have been added correctly to this test build (cert listed in cert manager, trust flags as expected, you can connect to your test site as expected).
Comment 4 Kathleen Wilson 2009-11-23 12:18:34 PST
Liu Yan, Please test and post your results in this bug as soon as possible.
Comment 5 Liu Yan 2009-11-25 19:07:24 PST
Sorry reply so late. I confirm the result is Ok. We haven't found any mistake. And the certificate is correct. 
Thank you so much!
Comment 6 Kai Engert (:kaie) 2009-12-17 07:47:43 PST
Resolved fixed by Bug 527759

Note You need to log in before you can comment on or make changes to this bug.