New issue
Advanced search Search tips

Issue 611673 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 786282
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Add GDCA root certificate to Chrome "EV-Qualified" list

Reported by wangsn1...@gmail.com, May 13 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

Steps to reproduce the problem:
Access the test websites, which possess SSL certificates issued by GDCA’s Root Certificate, using HTTPS protocol in Chrome browser.

What is the expected behavior?
Add GDCA root certificate to Chrome "EV-Qualified" list.

What went wrong?
The Chrome browser shows that root certificates are not trusted.

Did this work before? No 

Chrome version: 45.0.2454.101  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 21.0 r0

①
Friendly Name: GDCA TrustAUTH R5 ROOT
Cert Location: http://www.gdca.com.cn/cert/GDCA_TrustAUTH_R5_ROOT.der
SHA-1 Fingerprint: 0f 36 38 5b 81 1a 25 c3 9b 31 4e 83 ca e9 34 66 70 cc 74 b4
Test URL: https://ev-ssl-test-1.95105813.cn/
EV Policy OID(s): 1.2.156.112559.1.1.6.1

②
Annual audits are performed by PricewaterhouseCoopers Zhong Tian LLP, according to the WebTrust criteria.
webtrust ca:https://cert.webtrust.org/ViewSeal?id=2024
webtrust br:https://cert.webtrust.org/ViewSeal?id=2025
webtrust ev:https://cert.webtrust.org/ViewSeal?id=2026

③
CA Document Repository: https://www.gdca.com.cn
CPS: https://bugzilla.mozilla.org/attachment.cgi?id=8688750
CRL URLs: 
http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R5_ROOT.crl
OCSP URL: http://www.gdca.com.cn/TrustAUTH/ocsp

④
GDCA TrustAUTH R5 ROOT has already been included in Microsoft in June 2015.
(http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-jan.aspx)
GDCA TrustAUTH R5 ROOT inclusion request for Mozilla is on "Ready for Public Discussion" state.
(https://bugzilla.mozilla.org/show_bug.cgi?id=1128392)
 
Cc: rsleevi@chromium.org
Components: Internals>Network>SSL>EV
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Cc: awhalley@chromium.org
Owner: awhalley@chromium.org
The status is still ""Unconfirmed". Has the process been started? 
Status: Assigned (was: Unconfirmed)
Moving to assigned.

Note that inclusion in Chrome won't occur before Mozilla's process is complete, see https://wiki.mozilla.org/CA:Schedule. 
Components: Internals>Network>EV
Components: -Internals>Network>SSL>EV
Mergedinto: 786282
Status: Duplicate (was: Assigned)

Sign in to add a comment