Changes

Mozilla’s CA Certificate Program governs inclusion of root [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates certificates ] in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. * [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates About Web PKI x509 Certificates] == Override Default Root Certificate Settings == Users of Mozilla products may override the default root certificate settings by either deleting the root certificate or by changing the trust bit settings of a root certificate. * [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.

* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Certificate Root Store Policy] (current stable version, : 2.4.1)*[[CA:Communications | CA Communications]] and their responses. Such communications may also set policy in advance of it being included in the Root Store Policy.* [https://github.com/mozilla/pkipolicy/issues CA Certificate Root Store Policy Issue Tracker]* [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md Latest draft of Root Store Policy] (will become the next version)* [[CA:CertPolicy|Older versions of the Root Store Policy]]* [[CA:BaselineRequirements|Baseline Requirements Compliance]]: Mozilla's expectations regarding compliance with the CA/Browser Forum's [https://cabforum.org/baseline-requirements-documents/ Baseline Requirements].* [[CA:RootTransferPolicy|Root Transfer Policy]]: Mozilla's expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location You can also read about [[CA:CertPolicy|old versions of the policy and the policy update process]].

** [[CA/Dashboard|CA Request Dashboard]]- tracks applications through the process* [[CANSS:SubordinateCAcertsRelease_Versions |Public Intermediate (Subordinate) CA CertificatesNSS:Release_Versions]]shows which product versions a particular root inclusion request was first available in* [[CA:RevokedSubCAcertsSubordinateCAcerts|Revoked Public Intermediate (Subordinate) CA Certificates]]  * [[NSS:Release_Versions | NSS:Release_Versions]] -- Mapping of Root Cert Inclusion Bugs to Mozilla Product Releases == CA Communications == * [[CA:Communications RevokedSubCAcerts| Communications sent to CAsRevoked Intermediate Certificates]] and their responses