Bug 635385: Add Certum Trusted Network CA root CA certificate to NSS
Status: RESOLVED FIXED (opened 15 years ago, closed 14 years ago)
Categories: NSS :: CA Certificates Code (task)
Tracking: Not tracked
People: Reporter: kathleen.a.wilson, Unassigned
Attachments: 2 files
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by Certum, an organizational unit of Unizeto Technologies SA:
Friendly name: Certum Trusted Network CA
Certificate location: http://repository.certum.pl/CTNCA.crt
SHA1 Fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
Trust flags: Websites, Email, Code Signing
Test URL: https://juice.certum.pl/
This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate(s) approved for inclusion in bug #532377.
The steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached.
2) A Mozilla representative creates a patch with the new certificate(s), and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificate(s) have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate(s). This process is mostly under the control of the release drivers for those products.
Comment 1•15 years ago (Reporter)
Michal, Please see step #1 above.
Comment 2•15 years ago
I have a problem with the attached certificate. When I try to parse it using OpenSSL I get an "unable to load certificate" error. In ASN.1 Editor I get an "Indefinite length." error.
Comment 3•15 years ago
Comment on attachment 513590 [details]
Certum Root Cert encapsulated in PKCS7
This cert is inside a PKCS#7 signed data package. We must remove it from
that package before putting it into the trusted root list. Stay tuned.
Attachment #513590 -
Attachment description: Certum Root Cert → Certum Root Cert encapsulated in PKCS7
Comment 4•15 years ago
Here is the cert I extracted from the PKCS7 file above.
A CA representative should download it and verify it.
According to my test program it has these fingerprints.
Fingerprint (MD5):
D5:E9:81:40:C5:18:69:FC:46:2C:89:75:62:0F:AA:78
Fingerprint (SHA1):
07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
Updated•15 years ago
Attachment #513590 -
Attachment filename: CertumTrustedNetworkCA → CertumTrustedNetworkCA.p7s
Attachment #513590 -
Attachment mime type: application/octet-stream → application/pkcs7-signature
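Added example, not part of the original bug thread or of NSS: a standard-library Python sketch of the check discussed in comments 2 to 4, which accepts either a bare certificate or a PKCS#7 SignedData wrapper (including BER indefinite lengths), pulls out the embedded certificate bytes and computes the SHA-1 fingerprint in the format quoted above. All function names are hypothetical, the sample bytes are constructed placeholders rather than the real attachment, and the input is assumed to be binary DER/BER (not PEM) with single-byte tags.

```python
import hashlib

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
# Constructed placeholder standing in for a certificate (not a real cert).
FAKE_CERT = bytes.fromhex("30053003020101")
# Constructed certs-only SignedData wrapper using BER indefinite lengths (0x80).
SAMPLE_P7 = bytes.fromhex(
    "3080" "06092a864886f70d010702" "a080" "3080" "020101" "3100"
    "300b06092a864886f70d010701" "a007" + FAKE_CERT.hex() + "3100" "0000" "0000" "0000")

def read_tlv(buf, pos):
    """Parse one BER element; return (tag, content_start, content_end, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:  # indefinite length: walk children up to the 00 00 marker
        start = pos
        while buf[pos:pos + 2] != b"\x00\x00":
            pos = read_tlv(buf, pos)[3]
        return tag, start, pos, pos + 2
    length = first  # short-form definite length
    if first & 0x80:  # long-form definite length: next n bytes hold the length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length, pos + length

def children(buf, start, end):
    """Yield (tag, elem_start, content_start, content_end, next_pos) per child."""
    while start < end:
        tag, cs, ce, nxt = read_tlv(buf, start)
        yield tag, start, cs, ce, nxt
        start = nxt

def extract_certs(blob):
    """Return cert bytes from a bare X.509 cert or a PKCS#7 SignedData wrapper."""
    tag, cs, ce, nxt = read_tlv(blob, 0)
    kids = list(children(blob, cs, ce))
    if tag != 0x30 or not kids:
        raise ValueError("not a DER/BER SEQUENCE")
    if kids[0][0] != 0x06:  # Certificate starts with tbsCertificate, not an OID
        return [blob[:nxt]]
    if blob[kids[0][2]:kids[0][3]] != SIGNED_DATA_OID or len(kids) < 2:
        raise ValueError("ContentInfo is not PKCS#7 signedData")
    _, _, ss, se, _ = next(children(blob, kids[1][2], kids[1][3]))
    for tag, _, cs, ce, _ in children(blob, ss, se):
        if tag == 0xA0:  # certificates [0] IMPLICIT
            return [blob[p:n] for _, p, _, _, n in children(blob, cs, ce)]
    return []

def sha1_fingerprint(der):  # colon-separated upper-case hex, as quoted in the bug
    return ":".join(f"{b:02X}" for b in hashlib.sha1(der).digest())
```

For a real submission, the fingerprint of the extracted certificate is what gets compared with the SHA1 value posted in the bug, ideally obtained by the CA representative over a separate channel.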
Comment 5•15 years ago
Thank you for explaining this issue.
I confirm that all the data is correct.
Comment 6•14 years ago
A test version of Firefox is available at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-6873b2ef1dfb/
Please download soon.
(This will go away after 3 days. Once it's gone, it will be available here
http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/old/kaie@kuix.de-6873b2ef1dfb/
for another 10 days, after which it will be deleted automatically.)
Please note this build is based on a nightly development/test version of Firefox. It might be unstable and have bugs. Please be careful. It's best to use a "fresh, empty profile" for your testing. (Search the web for how to use separate profiles and start the profile manager with Firefox.) This is also recommended to make sure you're not testing your own certificate database, but really this software with the embedded certs.
This test build contains your new roots, and if you have requested to, it also has the roots enabled for EV.
Please make sure you add a confirmation comment in BOTH separate bugs (one for adding the root, one for enabling for EV, if applicable).
Please note, adding your roots, and enabling roots for EV might happen in separate releases, although we try to do it all in the same release.
Comment 7•14 years ago
TODO, in this bug, please confirm that your root has been correctly added.
In particular check the correct trust flags (in cert manager you can use "edit trust" to view the trust settings you've received).
Comment 8•14 years ago
I confirm that the root has been correctly added and enabled for EV.
All 3 trust flags are enabled which is correct.
Comment 9•14 years ago
fixed in bug 642129
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED