CA/Application Instructions: Difference between revisions

Jump to navigation Jump to search

CA/Application Instructions (view source)

Revision as of 00:59, 14 October 2017

281 bytes removed ,  14 October 2017
updated to match new testing interface and preferences interface
(cleanup)
(updated to match new testing interface and preferences interface)
Line 26: Line 26:
Here are the steps that a representative of the CA should take when asked to test that the certificate has been correctly imported and that websites work correctly.
Here are the steps that a representative of the CA should take when asked to test that the certificate has been correctly imported and that websites work correctly.


# Click on the test build link that is provided, choose the download file for the operating system you are using (e.g. ….mac.dmg for an Apple system). Install (e.g. by clicking on the .dmg file and following the instructions).
# Click on the test build link that is provided, choose the download file for the operating system you are using.
#* For Testing on Mac:
#** Find the line with OSX that contains tc(B).  
#** Click the green B inside that tc(B), and the bottom part of the page will change to show more details of that build.
#** In the right hand colum, you see several "artifact uploaded" entries.
#** Scroll down that list to find "target.dmg". That's the Mac disk image that you're looking for.
# It is very important to ensure that you test using a fresh profile in order to make sure you really seeing the trust bits provided by the test build, rather than the trust settings that you had set manually in an application profile. For more information about using a separate profile for testing, refer to the knowledge base articles: [http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles Profile Manager] and [http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows Creating a new Firefox profile.]
# It is very important to ensure that you test using a fresh profile in order to make sure you really seeing the trust bits provided by the test build, rather than the trust settings that you had set manually in an application profile. For more information about using a separate profile for testing, refer to the knowledge base articles: [http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles Profile Manager] and [http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows Creating a new Firefox profile.]
#* Using a fresh profile is the best way to test, but you can also restore the default certificate settings as described here: https://wiki.mozilla.org/CA:UserCertDB#How_To_Restore_Default_Root_Certificate_Settings
#* Using a fresh profile is the best way to test, but you can also restore the default certificate settings as described here: https://wiki.mozilla.org/CA:UserCertDB#How_To_Restore_Default_Root_Certificate_Settings
Line 34: Line 39:
# Check that your root certificate is included and the trust bits set correctly.
# Check that your root certificate is included and the trust bits set correctly.
#* Open the Options/Preferences window:  
#* Open the Options/Preferences window:  
#**On Windows: Pull down the Tools menu and select Options…
#** On Mac: Pull down the Firefox menu (or name of the test build, e.g Nightly) and select Preferences...  
#** On Mac: Pull down the Firefox menu (or name of the test build, e.g Nightly) and select Preferences...  
#** On Linux: Pull down the Edit menu and select Preferences
#* Select Privacy & Security
#* Select Advanced
#* Scroll down to the 'Certificates ' section
#* Select Certificates  
#* Click on 'View Certificates' to open the Certificate Manager  
#* Click on View Certificates to open the Certificate Manager  
#* Select Authorities  
#* Select Authorities  
#* Find your root certificate and confirm that it is marked as "Builtin Object Token" in the Security Device column.
#* Find your root certificate and confirm that it is marked as "Builtin Object Token" in the Security Device column.
#* Click on your root certificate to highlight it, then click on “Edit Trust…”  Verify that the correct trust bits are checked.
#* Click on your root certificate to highlight it, then click on “Edit Trust…”  to verify that the correct trust bits are checked.
# Browse to websites that have SSL certs that chain up to this root cert. The appropriate UI should appear indicating it is a secure website. Click on the lock and View Certificate, to see details.
# Browse to websites that have SSL certs that chain up to this root cert. The appropriate UI should appear indicating it is a secure website. Click on the lock and View Certificate, to see details.
# Comment in the bug to indicate your testing results.
# Comment in the bug to indicate your testing results.


Note: EV-enablement is done in a separate bug, after the root has been included.
Note: EV-enablement is done in a separate bug, after the root has been included.
Recommendation: I find the "Cert Viewer Plus" Add-On useful for doing this type of testing. After you've installed this add-on, you can open the Certificate Manager from the Tools menu with one click. Also, when you browse to a website and click on the lock to view the details of the certificate chain, it displays the trust bit settings for the root. Additionally, the SHA-1 fingerprint in the Certificate Viewer can be selected and copied.


== Common CA Database ==
== Common CA Database ==
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1182240"

Navigation menu