Last Comment Bug 635390 - Enable Certum Trusted Network CA root certificate for EV in PSM
: Enable Certum Trusted Network CA root certificate for EV in PSM
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: unspecified
: All All
-- enhancement (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: David Keeler [:keeler] (use needinfo?)
Depends on: 635385 642144
Blocks: 532377
  Show dependency treegraph
Reported: 2011-02-18 14:26 PST by Kathleen Wilson
Modified: 2011-05-05 14:04 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image Kathleen Wilson 2011-02-18 14:26:57 PST
Per bug #532377 the request from Certum has been approved to enable its root certificate for EV use. Please make the corresponding changes to PSM.

The relevant information is as follows.

Friendly name: Certum Trusted Network CA
SHA1 Fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
EV Policy OID: 1.2.616.1.113527.
Test URL:
Comment 1 User image Kathleen Wilson 2011-02-18 14:28:12 PST
Michal, Please confirm that the above information is correct.

Also, please perform the testing described on the following wiki page, and post
a comment in this bug when the testing has been successfully completed.
Comment 2 User image Michal Proszkiewicz 2011-02-22 01:43:22 PST
I've successfully completed the EV test.
Comment 3 User image Kai Engert (:kaie) 2011-03-16 09:57:34 PDT
Your test server does not send the full chain of certificates that are necessary to find the path from server cert to root cert.
Comment 4 User image Kai Engert (:kaie) 2011-03-16 10:01:53 PDT
After manually importing your intermediate from I was able to connect to your test site and got a green EV status.

(Please make sure that you instruct your customers how to install the required intermediate cert when they install server theirs on their servers. The end entity is not sufficient, because Firefox does not automatically fetch intermediates.)
Comment 5 User image Michal Proszkiewicz 2011-03-17 01:21:00 PDT
Sorry for that. We have moved this site to another server and bundle file with root certificates was missed during this process. It's been fixed and working fine now.
Comment 6 User image Kai Engert (:kaie) 2011-03-17 08:00:07 PDT
A test version of Firefox is available at

Please download soon.

(This will go away after 3 days. Once it's gone, it will be available here
for another 10 days, after which it will be deleted automatically.)

Please note this build is based on a nightly development/test version of Firefox. It might be unstable and have bugs. Please be careful. It's best to use a "fresh, empty profile", for your testing. (Search the web how to use separate profiles, start the profile manager, with Firefox). This is also recommended to make sure you're not testing your own certificate database, but really this software with the embedded certs.

This test build contains your new roots, and if you have requested to, it also has the roots enabled for EV.
Please make sure you add a confirmation comment in BOTH separate bugs (one for adding the root, one for enabling for EV, if applicable).

Please note, adding your roots, and enabling roots for EV might happen in separate releases, although we try to do it all in the same release.
Comment 7 User image Kai Engert (:kaie) 2011-03-17 08:02:26 PDT
TODO, in this bug, please confirm that your root has been correctly enabled for EV.
Comment 8 User image Michal Proszkiewicz 2011-03-17 12:40:57 PDT
I confirm that root has been correctly added and enabled for EV.
Comment 9 User image Kai Engert (:kaie) 2011-05-05 14:04:32 PDT
fixed in bug 642144

Note You need to log in before you can comment on or make changes to this bug.