Last Comment Bug 635390 - Enable Certum Trusted Network CA root certificate for EV in PSM
: Enable Certum Trusted Network CA root certificate for EV in PSM
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: unspecified
: All All
: -- enhancement (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on: 635385 642144
Blocks: 532377
  Show dependency treegraph
 
Reported: 2011-02-18 14:26 PST by Kathleen Wilson
Modified: 2011-05-05 14:04 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Kathleen Wilson 2011-02-18 14:26:57 PST
Per bug #532377 the request from Certum has been approved to enable its root certificate for EV use. Please make the corresponding changes to PSM.

The relevant information is as follows.

Friendly name: Certum Trusted Network CA
SHA1 Fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
EV Policy OID: 1.2.616.1.113527.2.5.1.1
Test URL: https://juice.certum.pl/
Comment 1 Kathleen Wilson 2011-02-18 14:28:12 PST
Michal, Please confirm that the above information is correct.

Also, please perform the testing described on the following wiki page, and post
a comment in this bug when the testing has been successfully completed.

https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version
Comment 2 Michal Proszkiewicz 2011-02-22 01:43:22 PST
I've successfully completed the EV test.
Comment 3 Kai Engert (:kaie) 2011-03-16 09:57:34 PDT
Your test server does not send the full chain of certificates that are necessary to find the path from server cert to root cert.
Comment 4 Kai Engert (:kaie) 2011-03-16 10:01:53 PDT
After manually importing your intermediate from http://repository.certum.pl/evca.cer I was able to connect to your test site and got a green EV status.

(Please make sure that you instruct your customers how to install the required intermediate cert when they install server theirs on their servers. The end entity is not sufficient, because Firefox does not automatically fetch intermediates.)
Comment 5 Michal Proszkiewicz 2011-03-17 01:21:00 PDT
Sorry for that. We have moved this site to another server and bundle file with root certificates was missed during this process. It's been fixed and working fine now.
Comment 6 Kai Engert (:kaie) 2011-03-17 08:00:07 PDT
A test version of Firefox is available at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-6873b2ef1dfb/

Please download soon.

(This will go away after 3 days. Once it's gone, it will be available here
http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/old/kaie@kuix.de-6873b2ef1dfb/
for another 10 days, after which it will be deleted automatically.)

Please note this build is based on a nightly development/test version of Firefox. It might be unstable and have bugs. Please be careful. It's best to use a "fresh, empty profile", for your testing. (Search the web how to use separate profiles, start the profile manager, with Firefox). This is also recommended to make sure you're not testing your own certificate database, but really this software with the embedded certs.

This test build contains your new roots, and if you have requested to, it also has the roots enabled for EV.
Please make sure you add a confirmation comment in BOTH separate bugs (one for adding the root, one for enabling for EV, if applicable).

Please note, adding your roots, and enabling roots for EV might happen in separate releases, although we try to do it all in the same release.
Comment 7 Kai Engert (:kaie) 2011-03-17 08:02:26 PDT
TODO, in this bug, please confirm that your root has been correctly enabled for EV.
Comment 8 Michal Proszkiewicz 2011-03-17 12:40:57 PDT
I confirm that root has been correctly added and enabled for EV.
Comment 9 Kai Engert (:kaie) 2011-05-05 14:04:32 PDT
fixed in bug 642144

Note You need to log in before you can comment on or make changes to this bug.