676799 - VeriSign Class 3 Code Signing 2004 CA not trusted

Status: RESOLVED WONTFIX

(NSS :: CA Certificates Code, task)

Description

[David Juran]

User Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.18) Gecko/20110621 Fedora/3.6.18-1.fc14 Firefox/3.6.18
Build ID: 20110621100037

Steps to reproduce:

Tried to run an applet signed with the VeriSign Class 3 Code Signing 2004 CA. 
But never mind that, what this bugzilla is about is that the root(?) certificate from Verisign outlined below isn't listed on https://www.mozilla.org/projects/security/certs/included/#VeriSign nor included in the nss lista of ca certs. Is this intentional?

OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Validity: [From: Fri Jul 16 03:00:00 EEST 2004,
               To: Wed Jul 16 02:59:59 EEST 2014]
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SHA1 Fingerprint: 19:7A:4A:EB:DB:25:F0:17:00:79:BB:8C:73:CB:2D:65:5E:00:18:A4

Comment 1

[Kathleen Wilson]

> Tried to run an applet signed with the VeriSign Class 3 Code Signing 2004
> CA. 
> But never mind that, what this bugzilla is about is that the root(?)
> certificate from Verisign outlined below isn't listed on
> https://www.mozilla.org/projects/security/certs/included/#VeriSign nor
> included in the nss lista of ca certs. Is this intentional?


According to http://www.verisign.com/repository/ca-ra.html
"VeriSign Class 3 Code Signing 2004 CA" is a legacy CA.

VeriSign has several root certificates included in NSS, and they are actively requesting updates, such as bug #602107.

Please contact VeriSign customer support if you need further assistance.