Closed Bug 1764392 Opened 3 years ago Closed 3 years ago

Add 4 DigiCert root certificates to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: djackson)

References

Details

(Whiteboard: June 2022 batch of root changes)

Attachments

(5 files, 1 obsolete file)

DigiCertSMIMEECCP384RootG5.crt.pem
805 bytes, application/x-x509-ca-cert
Details
DigiCertSMIMERSA4096RootG5.crt.pem
1.92 KB, application/x-x509-ca-cert
Details
DigiCertTLSECCP384RootG5.crt.pem
801 bytes, application/x-x509-ca-cert
Details
DigiCertTLSRSA4096RootG5.crt.pem
1.91 KB, application/x-x509-ca-cert
Details
Bug 1764392 - Add DigitCert Roots r=#nss-reviewers
48 bytes, text/x-phabricator-request
Details | Review

This bug requests inclusion in the NSS root store of the following root certificates owned by DigiCert.

Friendly Name: DigiCert SMIME ECC P384 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertSMIMEECCP384RootG5.crt.pem
SHA-1 Fingerprint: 1CB8A708C90D207901A0B2367FF09565E45324FE
SHA-256 Fingerprint: E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B
Trust Flags: Email

Friendly Name: DigiCert SMIME RSA4096 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertSMIMERSA4096RootG5.crt.pem
SHA-1 Fingerprint: 5BC5ADE29AA754DA848953A5FED75B4686D05708
SHA-256 Fingerprint: 90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A
Trust Flags: Email

Friendly Name: DigiCert TLS ECC P384 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertTLSECCP384RootG5.crt.pem
SHA-1 Fingerprint: 17F3DE5E9F0F19E98EF61F32266E20C407AE30EE
SHA-256 Fingerprint: 018E13F0772532CF809BD1B17281867283FC48C6E13BE9C69812854A490C1B05
Trust Flags: Websites
Test URL: https://digicert-tls-ecc-p384-root-g5.chain-demos.digicert.com/

Friendly Name: DigiCert TLS RSA4096 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.pem
SHA-1 Fingerprint: A78849DC5D7C758C8CDE399856B3AAD0B2A57135
SHA-256 Fingerprint: 371A00DC0533B3721A7EEB40E8419E70799D2B0A0F2C1D80693165F7CEC4AD75
Trust Flags: Websites
Test URL: https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1706228

The next steps are as follows:

  1. A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
  2. A Mozilla representative creates a patch with the new certificates.
  3. The Mozilla representative requests that another Mozilla representative review the patch.
  4. The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
  5. At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.

Martin, Please see step #1 above.

Flags: needinfo?(martin.sullivan)
Blocks: 1764397
Whiteboard: June 2022 batch of root changes

I can confirm the roots attached/linked are the correct ones and match our root generation report and latest Webtrust audit.

Flags: needinfo?(martin.sullivan)
Assignee: nobody → djackson

https://hg.mozilla.org/projects/nss/rev/0863d9ec3ecef1e581df362cc85cbdcf191b8759

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED

Comment on attachment 9285356 [details]
Bug 1764392 - Enable EV Treatment for Digicert G5 root certificates r?rmf

Revision D151748 was moved to bug 1764397. Setting attachment 9285356 [details] to obsolete.

Attachment #9285356 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: