CA/Application Process: Difference between revisions

Jump to navigation Jump to search

CA/Application Process (view source)

Revision as of 21:29, 5 October 2020

130 bytes removed ,  5 October 2020
Clarified that re-issued root certificates also still need to go through the evaluation/approval/inclusion process. And re-organized the top part of this section.
m (minor updates to match current process)
(Clarified that re-issued root certificates also still need to go through the evaluation/approval/inclusion process. And re-organized the top part of this section.)
Line 11: Line 11:


= Process Overview =
= Process Overview =
This process is used to request any of the following:
* Include a new root certificate, even if the CA already has root certificates included in Mozilla's root store
* Include a renewed version or re-issued version of an already-included root certificate
* Enable EV treatment for an already-included root certificate
* Turn on additional trust bits for an already-included root certificate
Approval of one root certificate does '''not''' imply that other root certificates owned by the same CA would be accepted.


It typically takes up to '''two years''' for a new CA to make it from one end of the process to the other. If the CA does not provide requested information in a timely manner, then the application will take even longer, or be cancelled.
It typically takes up to '''two years''' for a new CA to make it from one end of the process to the other. If the CA does not provide requested information in a timely manner, then the application will take even longer, or be cancelled.
The same process is used to request:
* Enabling EV treatment for an already-included root certificate
* Turning on additional trust bits for an already-included root certificate
* Including a new root certificate, even if the CA already has root certificates included in Mozilla's root store
* Including a renewed version of an already-included root certificate
** Consideration for inclusion is per root certificate (defined as the combination of Subject DN, Subject Public Key Information, and Subject Key Identifier). Approval of one root certificate does '''not''' imply that other root certificates owned by the same CA would be accepted.


The overall steps of the CA certificate inclusion and update process are as follows. There are [[CA/Bug_Triage#Root_Inclusion.2FChange_requests_and_EV_Treatment_Enablement_Requests|Bugzilla Bug Whiteboard tags]] corresponding to many of these steps.
The overall steps of the CA certificate inclusion and update process are as follows. There are [[CA/Bug_Triage#Root_Inclusion.2FChange_requests_and_EV_Treatment_Enablement_Requests|Bugzilla Bug Whiteboard tags]] corresponding to many of these steps.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1231379"

Navigation menu