Enable Certum Trusted Network CA root certificate for EV in PSM

RESOLVED FIXED

Status

()

Core
Security: PSM
--
enhancement
RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: Kathleen Wilson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
Per bug #532377 the request from Certum has been approved to enable its root certificate for EV use. Please make the corresponding changes to PSM.

The relevant information is as follows.

Friendly name: Certum Trusted Network CA
SHA1 Fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
EV Policy OID: 1.2.616.1.113527.2.5.1.1
Test URL: https://juice.certum.pl/
(Reporter)

Comment 1

7 years ago
Michal, Please confirm that the above information is correct.

Also, please perform the testing described on the following wiki page, and post
a comment in this bug when the testing has been successfully completed.

https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version

Comment 2

7 years ago
I've successfully completed the EV test.
Depends on: 642144
Your test server does not send the full chain of certificates that are necessary to find the path from server cert to root cert.
After manually importing your intermediate from http://repository.certum.pl/evca.cer I was able to connect to your test site and got a green EV status.

(Please make sure that you instruct your customers how to install the required intermediate cert when they install server theirs on their servers. The end entity is not sufficient, because Firefox does not automatically fetch intermediates.)

Comment 5

7 years ago
Sorry for that. We have moved this site to another server and bundle file with root certificates was missed during this process. It's been fixed and working fine now.
A test version of Firefox is available at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-6873b2ef1dfb/

Please download soon.

(This will go away after 3 days. Once it's gone, it will be available here
http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/old/kaie@kuix.de-6873b2ef1dfb/
for another 10 days, after which it will be deleted automatically.)

Please note this build is based on a nightly development/test version of Firefox. It might be unstable and have bugs. Please be careful. It's best to use a "fresh, empty profile", for your testing. (Search the web how to use separate profiles, start the profile manager, with Firefox). This is also recommended to make sure you're not testing your own certificate database, but really this software with the embedded certs.

This test build contains your new roots, and if you have requested to, it also has the roots enabled for EV.
Please make sure you add a confirmation comment in BOTH separate bugs (one for adding the root, one for enabling for EV, if applicable).

Please note, adding your roots, and enabling roots for EV might happen in separate releases, although we try to do it all in the same release.
TODO, in this bug, please confirm that your root has been correctly enabled for EV.

Comment 8

7 years ago
I confirm that root has been correctly added and enabled for EV.
fixed in bug 642144
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.