Here is the WoSign 3 cross signing certificates and WoSign root CA1 that for cross signing verification: WoSign CA1: Certification Authority of WoSign: http://www.wosign.com/root/WS_CA1_NEW.crt Comodo cross signed: http://www.wosign.com/root/WS_CA1_xs_UTN-SGC.crt Startcom cross signed: http://www.wosign.com/root/ca0_xs_1.crt WoSign 1999 cross signed: http://www.wosign.com/root/WS_CA1_xs_1999_new.crt
Richard On Wednesday, April 23, 2014 9:21:40 PM UTC+8, Richard WoSign wrote: > Hi Mike, > > > > Very thanks for your comments. What you mentioned is NOT a problem; it is our > > technical advantage conversely. :-) > > > > We are using cross signing technology. Our root is cross signed by Startcom > > CA, Comodo UTN root CA and WoSign 1999 root CA to guarantee our end user's > > certificates compatible with all device and all systems. > > > > How to verify it is cross signing? If the cross signed cert public key is > same > > as our root public key, it is cross signing. It means our root CA1 public key > > is same as the following 3 cross signing certificate. You can learn more > about > > cross signing in the Internet. > > > > > > Richard > > > > > > > > On Friday, April 18, 2014 10:57:53 PM UTC+8, Michael Miller wrote: > > > I checked customers on official site of Wosign > > > > > > https://www.wosign.com/ > > > > > > > > > > > > It seems wosign have 3 different certificate using same Key-pair(Have same > > > > > > public key) > > > > > > > > > > > > that is : > > > > > > 1,Certification Authority of WoSign as a subCA under Wosign 1999 > > > > > > example customer Url: > > > > > > https://person.guilinbank.com.cn/ > > > > > > > > > > > > 2,Certification Authority of WoSign as a subCA under StartCom Certification > > > > > > Authority > > > > > > example customer Url: > > > > > > https://login.dangdang.com/ > > > > > > > > > > > > 3,Certification Authority of WoSign as a Root CA > > > > > > The Root CA that have webtrust seal and used to apply for this certificate > > > > > > program > > > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=851435 > > > > > > > > > > > > Well, Since they all have same key pair , I assume they are all related (as > > > > > > one system) and should be mentioned here. > > > > > > > > > > > > According to Items #8, 9, and 10 of Mozilla's CA Certificate Inclusion > > > > > > Policy , intermediate certificates must either be technically constrained > > > > > > or be audited and publicly disclosed. > > > > > > https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates > > > > > > > > > > > > Can anyone from Wosign explain this situation? > > > > > > > > > > > > Mike > > > > > > > > On Friday, April 18, 2014 10:57:53 PM UTC+8, Michael Miller wrote: > > > I checked customers on official site of Wosign > > > > > > https://www.wosign.com/ > > > > > > > > > > > > It seems wosign have 3 different certificate using same Key-pair(Have same > > > > > > public key) > > > > > > > > > > > > that is : > > > > > > 1,Certification Authority of WoSign as a subCA under Wosign 1999 > > > > > > example customer Url: > > > > > > https://person.guilinbank.com.cn/ > > > > > > > > > > > > 2,Certification Authority of WoSign as a subCA under StartCom Certification > > > > > > Authority > > > > > > example customer Url: > > > > > > https://login.dangdang.com/ > > > > > > > > > > > > 3,Certification Authority of WoSign as a Root CA > > > > > > The Root CA that have webtrust seal and used to apply for this certificate > > > > > > program > > > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=851435 > > > > > > > > > > > > Well, Since they all have same key pair , I assume they are all related (as > > > > > > one system) and should be mentioned here. > > > > > > > > > > > > According to Items #8, 9, and 10 of Mozilla's CA Certificate Inclusion > > > > > > Policy , intermediate certificates must either be technically constrained > > > > > > or be audited and publicly disclosed. > > > > > > https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates > > > > > > > > > > > > Can anyone from Wosign explain this situation? > > > > > > > > > > > > Mike _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy