| Summary: | Add AS Sertifitseerimiskeskus CA certificates to KSSL | ||
|---|---|---|---|
| Product: | [Unmaintained] kio | Reporter: | Peeter Russak <pezz> |
| Component: | kssl | Assignee: | Brad Hards <bradh> |
| Status: | ASSIGNED --- | ||
| Severity: | wishlist | CC: | liisa, tulaclifford |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Other | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
Peeter Russak
2005-07-29 09:45:48 UTC
Are your certificates in any other browsers, such as MS IE or Mozilla FireFox? Those certificates are not in IE or Firefox by default, but they are added into both browsers as trusted certificates on Windows and MacOSX platforms during special software installation which enables authentication using our national identity card (client side certificate authentication using external security device). There's no special software installation package for Linux yet(, although recent versions of many distributions already contain every software piece needed for authentication using ID-card inside the OpenSC package). Final steps for user to do are to register PKCS#11 library inside Firefox's security devides and also add root certificates into trusted sources. As Firefox is common for all platforms it's easy to add those certificates using descriptive documents for other platforms. IIRC Konqueror still doesn't support PKCS#11 authentication, which is sad, but at least certificates could be there already. Have you asked Mozilla developers if they will include it? If so, what was the response? This is pending at Mozilla (https://bugzilla.mozilla.org/show_bug.cgi?id=414520) http://www.sk.ee/files/KLASS3-SK.PEM.cer doesn't appear to be in IE. $ openssl x509 -in JUUR-SK.PEM.cer -fingerprint SHA1 Fingerprint=40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89 From the Microsoft roots program (http://support.microsoft.com/kb/931125): 40 9d 4b d9 17 b5 5c 27 b6 9b 64 cb 98 22 44 0d cd 09 b8 89 It isn't clear the CA is actually making this request. Will follow up. Brad The JUUR-SK certificate has an appropriate key (RSA, 2048 bits) and hash (SHA-1). On further investigation, it appears that the KLASS-3 certificate is an intermediate certificate, so we only need the JUUR-SK root. Some time ago already JUUR-SK was added into Windows XP throught "Root certificates update" from Windows Update. It's also mentioned here: http://support.microsoft.com/kb/931125 As I found from google Mozilla project has a recent topic from June 2009 about inclusion of Sertifitseerimiskeskus root certs. They also have a better description also about our cert system here: http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/a70a57baae77b1ee Topic is longer there because it also contains discussion about using national identity cards as security tokens for authentication on web sites, but AFAIK KDE infrastructure doesn't support it yet. Peeter, Are you making this request as authorised representative of the CA? Brad Hi, I'm just a bug reporter, not a representative of CA nor connected to them. Liisa Lukin is a representative for corresponding Mozilla's bug request, maybe she can also answer your questions here. I'll send her an email. From Mozilla's bug request: Liisa Lukin AS Sertifitseerimiskeskus Business Development Manager liisa.lukin@sk.ee I'm the representative of the CA. How can I make this inclusion request official? SK root CA (Juur-SK) is now included to MS IE and Mozilla FF and MAC OS Safari. Timely comments - BTW if people require a ABC legal docs General Affidavit , my business partner filled out and esigned a sample form here http://pdf.ac/1jrPuM |