Hello -
We have a customer at the VA who uses an Entrust root: Issuer Entrust AIA: http://nfitestweb.managed.entrust.com/AIA/CertsIssuedToNFIMediumSSPCA.p7c AIA: ldap://nfitestdir.managed.entrust.com/ou=Entrust%20NFI%20Test%20Shared%20Ser vice%20Provider,ou=Certification%20Authorities,o=Entrust,c=US?cACertificate; binary,crossCertificatePair;binary They are repeatedly flagged by DHS for not using a trusted certificate and using a self-signed certificate. DHS uses Mozilla Trust Store. Taking a look at the following file: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu iltins/certdata.txt, we can see that everything pertaining to Entrust end in .NET. The Entrust CA our customer uses ends in .COM. Both extensions are the same thing. How can we have the .COM certificate added Globally to Mozilla's Trust Store? This will resolve the issues being reported by DHS for us. Any help on this would be greatly appreciated. Respectfully, Derek O'Donnell (Contractor) NOC Gateway Operations - QuarterLine Infrastructure Operations (IO) IT Operations and Services (ITOPS), Office of Information and Technology (OIT) Office (304) 262-5282 T-S
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy