Closed Bug 759733 Opened 13 years ago Closed 13 years ago

Add "Swisscom Root EV 2" to trusted root CA cert list

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 759732

People

(Reporter: markus.limacher, Assigned: kathleen.a.wilson)

Details

Initial Information Gathering Document Attached is the initial information gathering document which summarizes the information that has been gathered and verified. Within the document the items highlighted in yellow indicate where more information or clarification is needed. I will summarize below. 1) Please point me to the sections of the CP/CPS that define the policies and practices governing the issuance of Extended Validation Certificates under this root according to the Extended Validation Guidelines at http://www.cabforum.org/EV_Certificate_Guidelines_V13.pdf - Title Page and Chapter Capter 1.1 2) When do you expect to have the audit report for EV? Phase 1 available Phase 2 available 3) Does this root have any sub-CAs that are operated by third parties? Has or will this root be used to cross-sign another CA? - NO 4) What is the expiration time of the OCSP responses from this root? According to http://www.cabforum.org/EV_Certificate_Guidelines_V13.pdf Section 26(b): “If the CA provides revocation information via an Online Certificate Status Protocol (OCSP) service, it MUST update that service at least every four days. OCSP responses from this service MUST have a maximum expiration time of ten days.” CRL refresh time every 2 hours CRL grace period 6 days (current CRL stays valid for 6 days after the refresh time has passed and a new CRL couldn't be downloaded) 5) Please review http://wiki.mozilla.org/CA:Problematic_Practices and comment as to whether any of these are relevant? If relevant, please provide further info. NONE of the referred Problematic Practices are applicable. 6) Is the Policy OID that you provided an EV Policy OID as per http://www.cabforum.org/EV_Certificate_Guidelines_V13.pdf? YES CA Details ---------- CA Name: Swisscom Root EV CA 2 Website: www.swissdigicert.ch One Paragraph Summary of CA, including the following: - General nature (e.g., commercial, government, academic/research, nonprofit) Swisscom AG is a commercial CSP that provides certification services for individual and corporate customers. Swisscom operates a certificate authority and registration authority. Customers may choose to use the registration services of Swisscom and purchase single certificates. Customers may also choose to operate their own registration authority (managed PKI). - Primary geographical area(s) served Swisscom operates Issuing CA for national (Switzerland) and internatinal purpose. Swisscom AG focuses for national (Switzerland) and internatinal purpose to provide managed PKI services. Registration Services may be used for national (Switzerland) and internatinal purpose. - Number and type of subordinate CAs The "Root EV CA2" Root CA currently has one (1) subordinate CA's: - Swisscom Quarz EV CA 2 Audit Type (WebTrust, ETSI etc.): Swisscom AG has been audited for Swiss Digital Signature Law. ISO 27001 and <EV> are part of this audit. The following link shows the page of the accreditaion body in Switzerland: http://www.seco.admin.ch/sas/00229/02208/index.html?lang=de Auditor: KPMG KPMG AG ISMS Zertifizierungsstelle SCES/m/ 071 Badenerstr. 172 8026 Zürich 4 SWITZERLAND Auditor Website: www.kpmg.ch Audit Document URL(s): http://www.seco.admin.ch/sas/00229/02208/index.html?lang=de Certificate Details ------------------- (To be completed once for each certificate) ------------------- Certificate Name: Swisscom Root EV CA 2 Summary Paragraph, including the following: - End entity certificate issuance policy, i.e. what you plan to do with the root Certificate HTTP URL (on CA website): http://www.swissdigicert.ch/download/sdcs-root2-ev.crt Version: v3 SHA1 Fingerprint: e7 a1 90 29 d3 d5 52 dc 0d 0f c6 92 d3 ea 88 0d 15 2e 1a 6b MD5 Fingerprint: -- Modulus Length (a.k.a. "key length"): 4096 Valid From (YYYY-MM-DD): Jun 24 09:45:08 2011 GMT Valid To (YYYY-MM-DD): Jun 25 08:45:08 2031 GMT CRL HTTP URL: http://www.swissdigicert.ch/download/sdcs-root2-ev.crl OCSP URL: http://ocsp.swissdigicert.ch/root2-ev Class (domain-validated, identity-validated or EV): EV Certificate Policy URL: -- CPS URL: http://www.swissdigicert.ch/sdcs/portal/download_file?file=deutsch%2F102_CPS_SDCS_EV_2_16_756_1_83_2_2_V2_0_de.pdf Requested Trust Indicators (email and/or SSL and/or code): Root ------------------- Certificate Name: Swisscom Quartz EV CA 2 Summary Paragraph, including the following: - End entity certificate issuance policy, i.e. what you plan to do with the root Certificate HTTP URL (on CA website): http://aia.swissdigicert.ch/sdcs-quarz2.crt Version: v3 SHA1 Fingerprint: a0 2a de 64 c4 64 ab 12 55 e5 e1 ce 1e 05 12 fa 46 51 64 bf MD5 Fingerprint: -- Modulus Length (a.k.a. "key length"): 2048 Valid From (YYYY-MM-DD): Jan 12 08:55:00 2012 GMT Valid To (YYYY-MM-DD): Jan 12 08:55:00 2022 GMT CRL HTTP URL: http://crl.swissdigicert.ch/sdcs-root2-ev.crl OCSP URL: http://ocsp.swissdigicert.ch/quartz2 Class (domain-validated, identity-validated or EV): EV Certificate Policy URL: http://www.swissdigicert.ch/sdcs/portal/download_file?file=deutsch%2F008_CP_Quartz_EV_SDCS_2_16_756_1_83_4_V2_0_de.pdf CPS URL: http://www.swissdigicert.ch/sdcs/portal/download_file?file=deutsch%2F102_CPS_SDCS_EV_2_16_756_1_83_2_2_V2_0_de.pdf Requested Trust Indicators (email and/or SSL and/or code): EV SSL
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.