Closed Bug 633546 Opened 14 years ago Closed 14 years ago

Add AffirmTrust root certificates to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Unassigned)

References

Details

Attachments

(4 files)

AffirmTrust Commercial Certificate
848 bytes, application/octet-stream
Details
AffirmTrust Networking Certificate
848 bytes, application/octet-stream
Details
AffirmTrust Premium Certificate
1.32 KB, application/octet-stream
Details
AffirmTrust Premium ECC Certificate
514 bytes, application/octet-stream
Details
This bug requests inclusion in the NSS root certificate store of the following certificates, owned by AffirmTrust. Friendly name: AffirmTrust Commercial Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=425501 SHA1 Fingerprint: F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 Trust flags: Websites Test URL: https://commercial.affirmtrust.com/ Friendly name: AffirmTrust Networking Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=425506 SHA1 Fingerprint: 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F Trust flags: Websites Test URL: https://networking.affirmtrust.com:4431/ Friendly name: AffirmTrust Premium Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=425507 SHA1 Fingerprint: D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 Trust flags: Websites Test URL: https://premium.affirmtrust.com:4432/ Friendly name: AffirmTrust Premium ECC Certificate location: https://bugzilla.mozilla.org/attachment.cgi?id=425513 SHA1 Fingerprint: B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB Trust flags: Websites Test URL: https://premiumecc.affirmtrust.com:4433/ This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #543639. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached. They must also specify what OS they would like to use to perform the verification below. 2) A Mozilla representative creates a test build of NSS with the new certificate(s), and attaches nssckbi.dll to this bug. A representative of the CA must download this, drop it into a copy of Firefox and/or Thunderbird on the OS in question and confirm (by adding a comment here) that the certificate(s) have been correctly imported and that websites work correctly. 3) The Mozilla representative checks the certificate(s) into the NSS store, and marks the bug RESOLVED FIXED. 4) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Kirk, Please see step #1 above.
Blocks: 633552
Thanks, Kathleen. This is to confirm that all the data in this bug is correct, and the correct certificates have been attached. We would like to use the Windows 7 OS to perform the verification below.
Depends on: 642129
A test version of Firefox is available at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-6873b2ef1dfb/ Please download soon. (This will go away after 3 days. Once it's gone, it will be available here http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/old/kaie@kuix.de-6873b2ef1dfb/ for another 10 days, after which it will be deleted automatically.) Please note this build is based on a nightly development/test version of Firefox. It might be unstable and have bugs. Please be careful. It's best to use a "fresh, empty profile", for your testing. (Search the web how to use separate profiles, start the profile manager, with Firefox). This is also recommended to make sure you're not testing your own certificate database, but really this software with the embedded certs. This test build contains your new roots, and if you have requested to, it also has the roots enabled for EV. Please make sure you add a confirmation comment in BOTH separate bugs (one for adding the root, one for enabling for EV, if applicable). Please note, adding your roots, and enabling roots for EV might happen in separate releases, although we try to do it all in the same release.
TODO, in this bug, please confirm that your root has been correctly added. In particular check the correct trust flags (in cert manager you can use "edit trust" to view the trust settings you've received).
This is to confirm that all four of our root have been correctly added. Thank you for your help. We will also confirm the same in Bug 633552. Kirk Hall, AffirmTrust
fixed in bug 642129
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: