Last Comment Bug 550521 - Add "ACEDICOM Root" root certificate to NSS
: Add "ACEDICOM Root" root certificate to NSS
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: CA Certificates (show other bugs)
: trunk
: All All
-- enhancement (vote)
: ---
Assigned To: Kai Engert (:kaie)
:
:
Mentors:
Depends on:
Blocks: 471045
  Show dependency treegraph
 
Reported: 2010-03-05 10:59 PST by Kathleen Wilson
Modified: 2010-04-19 02:20 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
ACEDICOM Root cert (2.03 KB, application/octet-stream)
2010-03-05 10:59 PST, Kathleen Wilson
no flags Details
Patch v1 - adding (8.59 KB, patch)
2010-03-24 10:47 PDT, Kai Engert (:kaie)
nelson: review+
Details | Diff | Splinter Review
incremental Patch v2 - update version (845 bytes, patch)
2010-03-24 10:48 PDT, Kai Engert (:kaie)
nelson: review+
Details | Diff | Splinter Review

Description User image Kathleen Wilson 2010-03-05 10:59:17 PST
Created attachment 430671 [details]
ACEDICOM Root cert

This bug requests inclusion in the NSS root certificate store of the following
certificate, owned by ACEDICOM.

Friendly name: ACEDICOM Root

Certificate location: http://acedicom.edicomgroup.com/archivos/certificados/ACEDICOM%20Root.crt

SHA1 Fingerprint: E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84

Trust flags: Websites, Email, Code Signing

Test URL: https://cartero.edicom.es/RootCertificatePrograms/test.htm

This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #471045.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate. This process is mostly under the
control of the release drivers for those products.
Comment 1 User image Kathleen Wilson 2010-03-05 11:08:12 PST
 Raúl, Please see step #1 above.
Comment 2 User image Raúl Santisteban 2010-03-08 02:31:00 PST
I confirm that all the data in this bug is correct. Also, for the verification process the OS can be either Linux(32 or 64 bit) or MS Windows XP 32 bits, or both if possible.
Comment 3 User image Kathleen Wilson 2010-03-08 12:35:57 PST
Thanks, Raúl, for confirming that the data in this bug is correct.

This request is now in the "Inclusion in NSS" phase as per:
https://wiki.mozilla.org/CA:How_to_apply#Timeline

Root inclusions/updates in NSS are grouped and done as a batch when there is
either a large enough set of changes or about every 3 months.

When this request gets included in a batch of root inclusions/updates, a test
build will be provided and this bug will be updated to request that you test
it. Since you are cc'd on this bug, you will get notification via email when
that happens.
Comment 4 User image Kai Engert (:kaie) 2010-03-24 10:47:22 PDT
Created attachment 434570 [details] [diff] [review]
Patch v1 - adding
Comment 5 User image Kai Engert (:kaie) 2010-03-24 10:48:16 PDT
Created attachment 434572 [details] [diff] [review]
incremental Patch v2 - update version
Comment 6 User image Kai Engert (:kaie) 2010-03-24 13:33:16 PDT
test build for your verification:
https://build.mozilla.org/tryserver-builds/kaie@kuix.de-kaie-roots1003/
Comment 7 User image Raúl Santisteban 2010-03-25 02:05:28 PDT
As ACEDICOM representative, I confirm that Windows, Linux and Mac OS versions of this firefox pre release works fine with ACEDICOM certificates.

Thanks.
Comment 8 User image Nelson Bolyard (seldom reads bugmail) 2010-03-28 20:31:37 PDT
Comment on attachment 434572 [details] [diff] [review]
incremental Patch v2 - update version

This is fine, but should not be committed until at least one one change to the builtins files is committed.
Comment 9 User image Nelson Bolyard (seldom reads bugmail) 2010-03-28 20:33:42 PDT
Comment on attachment 434570 [details] [diff] [review]
Patch v1 - adding

r=nelson (this is that one other checkin :).
Comment 10 User image Kai Engert (:kaie) 2010-03-29 06:50:34 PDT
Comment on attachment 434572 [details] [diff] [review]
incremental Patch v2 - update version

no longer necessary to update version, same change was already done 3 days ago as part of bug 555261.
Comment 11 User image Kai Engert (:kaie) 2010-03-29 07:12:11 PDT
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.65; previous revision: 1.64
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.62; previous revision: 1.61
done
Comment 12 User image Raúl Santisteban 2010-04-19 02:11:54 PDT
Hello all,
I'm not sure if this is the right place to inform but I've downloaded Mozilla Firefox 3.6.4 beta from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.4-candidates/build1/ I've checked that ACEDICOM Root certificate IS NOT included.

Is it right? Have we missed any step or so?

Thanks,
Comment 13 User image Nelson Bolyard (seldom reads bugmail) 2010-04-19 02:20:11 PDT
Raúl,
Firefox has not yet elected to pick up this latest version of NSS.
Please follow Bug 558140 to observe the progress of that request.

Note You need to log in before you can comment on or make changes to this bug.