Also, regarding the error "BR certificates must not contain directoryName type alternative name", it has been discussed yet at https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7wIZmwp4qGQ.
As it was commented, our certificates are compliant with this requirement as we set the Domain Name (there is at least a DNSName). Also, in order to comply with all applicable law related to eGovernment and identification of eOffices, administrative ID info must be set at SAN extension. As stating at section 8 of BRs we are oblied to do so. Even if you look at CABForum EV Guidelines (9.2.2), about Subject Alternative Name it is just said: "This extension MUST contain one or more host Domain Name(s) owned or controlled by the Subject and to be associated with the Subject’s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed for EV Certificates. You'll agree that this is a less restrictive assertion (and it's about EV certificates wich are more sensitive and requirements are harder) and it should be taken into account. I suggest to change the error message to a warning in order to allow CAs to explain its especial circumstances. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1271513 Title: www.cert.fnmt.es certificates are not included in Mozilla products To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1271513/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
