Add 4 SSL.com Root CA certificates to NSS
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
People
(Reporter: kathleen.a.wilson, Assigned: jschanck)
References
Details
(Whiteboard: July 2023 Batch of Root Changes)
Attachments
(5 files)
This bug requests inclusion in the NSS root store of the following root certificates owned by SSL.com.
Friendly Name: SSL.com TLS RSA Root CA 2022
Cert Location: https://ssl.com/repo/certs/SSLcom-TLS-Root-2022-RSA.pem **
SHA-1 Fingerprint: EC2C834072AF269510FF0EF203EE3170F6789DCA
SHA-256 Fingerprint: 8FAF7D2E2CB4709BB8E0B33666BF75A5DD45B5DE480F8EA8D4BFE6BEBC17F2ED
Trust Flags: Websites
Test URL: https://test-root-2022-rsa.ssl.com
Friendly Name: SSL.com TLS ECC Root CA 2022
Cert Location: https://ssl.com/repo/certs/SSLcom-TLS-Root-2022-ECC.pem **
SHA-1 Fingerprint: 9F5FD91A546DF50C71F0EE7ABD1749988473E239
SHA-256 Fingerprint: C32FFD9F46F936D16C3673990959434B9AD60AAFBB9E7CF33654F144CC1BA143
Trust Flags: Websites
Test URL: https://test-root-2022-ecc.ssl.com
Friendly Name: SSL.com Client ECC Root CA 2022
Cert Location: https://ssl.com/repo/certs/SSLcom-Client-Root-2022-ECC.pem **
SHA-1 Fingerprint: 807B1D9D65723DC756F9ECC5008349F6F2ACF486
SHA-256 Fingerprint: AD7DD58D03AEDB22A30B5084394920CE12230C2D8017AD9B81AB04079BDD026B
Trust Flags: Email
Friendly Name: SSL.com Client RSA Root CA 2022
Cert Location: https://ssl.com/repo/certs/SSLcom-Client-Root-2022-RSA.pem **
SHA-1 Fingerprint: AA5970E520329FCBD0D5799FFB1B821DFD1F7965
SHA-256 Fingerprint: 1D4CA4A2AB21D0093659804FC0EB2175A617279B56A2475245C9517AFEB59153
Trust Flags: Email
** There are two extraneous lines at the beginning of each of the resulting PEM files. Upon removal, the files work as expected.
This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bugs #1799703 and 1799533.
The next steps are as follows:
- A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
- A Mozilla representative creates a patch with the new certificates.
- The Mozilla representative requests that another Mozilla representative review the patch.
- The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
- At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
|
Reporter | |
Comment 1•2 years ago
|
||
|
|
Reporter | |
Comment 2•2 years ago
|
||
|
|
Reporter | |
Comment 3•2 years ago
|
||
|
|
Reporter | |
Comment 4•2 years ago
|
||
|
|
Reporter | |
Comment 5•2 years ago
|
||
Leo, Please see step #1 above.
Also, please make sure that the Cert Location links above are all working and that the resulting certs can be loaded into https://tls-observatory.services.mozilla.com/static/certsplainer.html. I ended up having to create my own .crt files for these roots in order to check them and attach them to this bug.
Kathleen,
Thanks for bringing this to our attention. An Add/Update Root request has now been submitted to CCADB (00001411) for processing to correct the broken links.
Regards,
Leo
|
|
Reporter | |
Comment 7•2 years ago
|
||
Thanks Leo. I have updated the bug description with the current URLs.
Now please see step #1 in the bug description above, and comment in this bug to confirm if all the data in this bug is correct, and that the correct certificates have been attached.
Kathleen,
I have confirmed with our team that all the data in this bug is correct, and that the correct certificates have been attached. Please proceed.
Leo
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 9•2 years ago
|
||
Depends on D183906
|
|
Assignee | |
Comment 10•2 years ago
|
||
Description
•