Changes

Jump to: navigation, search

CA/Application Process

26 bytes added, 17:49, 10 August 2021
Process Overview: Moved Step 18 (CCADB license) to Step 1
The overall steps of the CA certificate inclusion and update process are as follows. There are [[CA/Bug_Triage#Root_Inclusion.2FChange_requests_and_EV_Treatment_Enablement_Requests|Bugzilla Bug Whiteboard tags]] corresponding to many of these steps.
# A representative of the CA
#* [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|submits a request for root inclusion]]in both Bugzilla and in the CCADB (a representative of Mozilla issues a [http://ccadb.org/ Common CA Database (CCADB)] license to the [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]] for the CA), and
#* [[CA/Information_Checklist | provides information about the CA and operation of the root certificate(s).]]
#* All information provided by the CA MUST be publicly available.
# A representative of Mozilla adds (commits) the patch to NSS, then closes the NSS bug as RESOLVED FIXED.
# Mozilla products move to using a version of NSS which contains the certificate changes. This process is mostly under the control of the release drivers for those products. See [https://wiki.mozilla.org/RapidRelease/Calendar Mozilla's Release Calendar.]
# After inclusion of the CA's root certificate, a representative of Mozilla issues a [http://ccadb.org/ Common CA Database (CCADB)] license to the [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]] for the CA.
# The CA enters data into the CCADB for:
#* All of the certificates that are capable of being used to issue new certificates, and which directly or transitively chain to their root certificate(s) included in Mozilla’s Root Store that are not technically constrained as described in section 5.3 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ #532-publicly-disclosed-and-audited Mozilla's Root Store Policy].; and
#* Revoked intermediate certificates that chain to their certificate(s) included in Mozilla's Root Store.
Confirm
341
edits

Navigation menu