Add SecureSign RootCA11 root certificate to NSS

RESOLVED FIXED

Status

NSS
CA Certificates Code
--
enhancement
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: Kathleen Wilson, Assigned: kaie)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: In NSS 3.12.6 and Firefox 3.6.2)

Attachments

(1 attachment, 1 obsolete attachment)

1.24 KB, application/octet-stream
Details
(Reporter)

Description

8 years ago
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by JCSI.

Friendly name: SecureSign RootCA11

Certificate location: https://www2.jcsinc.co.jp/repository/certs/SSAD-rca.der

SHA1 Fingerprint: 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3

Trust flags: Websites

Test URL: https://ssad0406_2.jcsinc.co.jp/

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate approved for inclusion in bug #496863.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
(Reporter)

Comment 1

8 years ago
Created attachment 424027 [details]
JCSI Root Cert
(Reporter)

Comment 2

8 years ago
Created attachment 424029 [details]
JCSI Root Cert
Attachment #424027 - Attachment is obsolete: true
(Reporter)

Comment 3

8 years ago
Akira, Please see step #1 above.

Comment 4

8 years ago
I have confirmed that all the data in this bug is correct, and the certificate attached to this bug is the one to be included. 
I would like to use Firefox 3.6 on Windows 7 and Windows XP as the test bed for step #2.
(Reporter)

Comment 5

8 years ago
This request is now in the "Inclusion in NSS" phase as per:
https://wiki.mozilla.org/CA:How_to_apply#Timeline

Root inclusions/updates in NSS are grouped and done as a batch when there is
either a large enough set of changes or about every 3 months.

When this request gets included in a batch of root inclusions/updates, a test build will be provided and this bug will be updated to request that you test it. Since you are cc'd on this bug, you will get notification via email when that happens.
(Assignee)

Updated

8 years ago
Depends on: 542476
(Assignee)

Comment 6

8 years ago
Please find test builds here:
https://build.mozilla.org/tryserver-builds/kaie@kuix.de-test2_192_542476/

Please note, the files in that directory will go away in around 14 days, so
please act quickly, or download and keep them.

It's a test build of Firefox 3.6 which includes your root cert.
For testing on Windows you need -win32.zip, for Linux -linux.tar.bz2, for Mac
get -macosx.dmg (will be there soon))

Please test it, connect to a test site, make sure it works as you expect, and
also verify that it has the correct trust flags you have asked for (certificate
manager, CA tab, click cert, click "edit" to view the trust flags).

Please report whether it's OK.

Comment 7

8 years ago
Thank you for additional work, Kai. 

We have tested this build on Windows 7, Windows Vista, and Windows XP.
Our test site was displayed correctly as we expected.
Our SecureSign RootCA11 root cert was found in the Built-in Object Token,
and the identity was verified by finger prints. 
The trust flag was correct ( web site only ).

Linux build did not include our root cert. Mac build is not tested yet.

There is one question.

I specified Windows as our test bed, but we do not want to limit
Mozilla product with our root cert within Windows world.
We hope Linux and Mac users to rely on our root cert, too.

If Mozilla needs our confirmation to every environment before shipping,
I would like you to create another test build for Mac and Linux
including our root cert, and we will test it ASAP.

Comment 8

8 years ago
Sorry. Our test process has some bug. 

This build CAN be tested on Linux and probably on Mac. 
I apologize for my misleading report. 

We will continue testing.

Comment 9

8 years ago
Thank you for patience.

We have tested this build on Windows 7, Vista, XP,
as well as Linux (CentOS), Mac OSX. 
For all environment;
Our test site was displayed correctly as we expected.
Our SecureSign RootCA11 root cert was found in the Built-in Object Token,
and the identity was verified by finger prints. 
The trust flag was correct ( web site only ).

That is, this test build is OK. 

Best Regards,
Akira Machida, JCSI
(Reporter)

Updated

8 years ago
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.12.6 and Firefox 3.6.2
You need to log in before you can comment on or make changes to this bug.