Closed
Bug 593063
Opened 14 years ago
Closed 14 years ago
Add TC TrustCenter Universal CA III root certificate to NSS
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Assigned: KaiE)
References
Details
Attachments
(1 file)
|
997 bytes,
application/x-x509-ca-cert
|
Details |
This bug requests inclusion in the NSS root certificate store of the following
certificate, owned by TC TrustCenter.
Friendly name: TC TrustCenter Universal CA III
Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=411063
SHA1 Fingerprint: 96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87
Trust flags: Websites, Email, Code Signing
Test URL: https://testserver.universal-iii.trustcenter.de
This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #507360.
The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.
2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.
3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.
4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate. This process is mostly under the
control of the release drivers for those products.
|
Reporter | |
Comment 1•14 years ago
|
||
Ooops!
"This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #507360."
Should be
"This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #436467."
|
|
Reporter | |
Comment 2•14 years ago
|
||
Rolf, Please see step #1 above.
|
||
Comment 3•14 years ago
|
||
confirmed - The information above is correct.
|
|
Reporter | |
Comment 4•14 years ago
|
||
Rolf, Thanks for confirming that the data in this bug is correct.
Root inclusions are usually grouped and done as a batch when there is
either a large enough set of changes or about every 3 months.
At some point in the next 3 months a test build will be provided and this bug
will be updated to request that you test it. Since you are cc'd on this bug,
you will get notification via email when that happens.
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → kaie
|
|
Assignee | |
Comment 5•14 years ago
|
||
Current test builds (Mozilla experimental) for various platforms can be found
at
http://stage.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-b725b0fd279e/
Please note the builds at above location will be automatically deleted after
two weeks, so please make copies if you need them.
Please test and confirm that your roots have been added correctly, with the
correct trust flags (use certificate manager, find your cert, click "view" to
see the trust flags).
(Please note, if you have asked for enabling EV, that's not yet done, and will be a separate step.)
|
|
Assignee | |
Comment 6•14 years ago
|
||
Rolf, can you please check that all intermediate certificates are installed correctly on your test site?
I think they are missing.
|
|
Assignee | |
Comment 7•14 years ago
|
||
I made a new testbuild, now it includes the patch to enable roots for EV.
http://hg.mozilla.org/try/pushloghtml?changeset=c73f0117a36e
http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-c73f0117a36e/
I've learned that tryserver builds are automatically deleted quickly, after 4 days.
I've mirrored the most important files here:
http://kuix.de/mozilla/tryserver-roots-20101125/
|
|
Assignee | |
Comment 8•14 years ago
|
||
Here is my request to the CA, TC Trustcenter, according with first comment in
this bug, section (2):
Please download a test build from comment 10.
Please confirm that your root certificate(s) are correctly added to the NSS
root store.
In particular, please make sure that the certificate have the correct trust
flags. You can use Firefox preferences / advanced / encryption / certificates /
edit-trust to look at the trust flags.
Once you have confirmed, we are ready to add your certs to NSS.
|
|
Assignee | |
Comment 9•14 years ago
|
||
(In reply to comment #8)
> Here is my request to the CA, TC Trustcenter, according with first comment in
> this bug, section (2):
>
> Please download a test build from comment 10.
I mean comment 7.
>
> Please confirm that your root certificate(s) are correctly added to the NSS
> root store.
>
> In particular, please make sure that the certificate have the correct trust
> flags. You can use Firefox preferences / advanced / encryption / certificates /
> edit-trust to look at the trust flags.
>
> Once you have confirmed, we are ready to add your certs to NSS.
|
|
Assignee | |
Updated•14 years ago
|
Attachment #471533 -
Attachment mime type: application/octet-stream → application/x-x509-ca-cert
|
|
||
Comment 10•14 years ago
|
||
Adding the TC Universal III root was successful for us.
|
|
Assignee | |
Comment 11•14 years ago
|
||
Fixed by bug 613394
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•