Common CA Database (CCADB)

Historically, Certification Authorities (CAs)have had to separately submit data to multiple, individual root store operators, resulting in inefficiency and duplication of effort. Mozilla maintains a CRM instance for communicating with CAs and managing CA data, called the Common CA Database (CCADB), which was originally referred to as the CA Community in Salesforce. Through the CCADB, our goal is to enable CAs to directly provide updates to all participating root store operators at once, and to reduce duplication of effort across the root store programs.

• A Root Store Member is any root store operator participating in the Common CA Database via the File:MozillaCommonCADatabaseAgreement.pdf.
• A CA Member is any CA participating in the Common CA Database via a Community License. CA Members have read-only access to all root certificate data; are able to enter and modify data regarding intermediate certificates chaining up to their own root certificates; and are able to create Audit Cases to report their updated Audit, CP, CPS, and test website URLs each year.

Request a license

CA Community Licenses are granted to CAs in the root store programs of participating root store operators. You only need one CA Community License to access the CCADB data relating all participating root store operators. To request a license:

• Specific instructions for CAs in Microsoft's CA Program -- TO DO - ADD LINK AND OR TEXT
• Specific instructions for CAs in Mozilla's CA Program
  • Send email to certificates@mozilla.org with your name and the name of the CA you represent.

Getting Started

After you receive email with your CA Community License, you may login to the Common CA Database as follows:

1. Browse to: https://mozillacacommunity.force.com/
2. Enter your Username; the email address for which your Community User License was issued
3. Enter the Password that you set up during first access
4. Click on the "Log in to CA Community" button

Upon initial login you will see a row with six tabs:

1. Home
2. CA Owners/Certificates
   • Click on "CA Owners/Certificates" tab, then in "View:" select "Community User's CA Owners/Certificates" and click on "Go!". This will list the CA Owner and all of the root and intermediate certificates associated with your account. Click on the "CA Owner/Certificate Name" to view the record. Within the record you will see an Account Hierarchy section, where you can click on each root or intermediate certificate record to view the data.
3. Contacts
   • Click on "Contacts" tab, then in "View:" select "All Contacts" and click on "Go!". Click on the Name to view the contact record.
4. Cases
   • Click on "Cases" tab, then "My Cases" and click on "Go!".
5. CA Communications (Page)
   • This may be used when a root store operator polls their CA members for information.
6. Reports
   • Click on "Reports" tab, then click on the "CA Community Reports" link along the left column, then click on one of the reports in the list. Whenever you click on the "Reports" tab it will list the reports that you have recently viewed. You will need to click on the "CA Community Reports" link to see all of the reports that are available to you.

Important Notes:

• Each Owner/Certificate record has a "CA Owner/Certificate Name" field. For a certificate record, the value of this field is usually the Certificate Subject Common Name of the certificate. For a CA Owner record, this field displays the CA's name. (We cannot change the title of the field in the page, due to the way we are using it in the CRM.)
• Each Certificate record has a "Parent CA Owner/Certificate" field. For an intermediate certificate record the value of the field should be the Certificate Issuer Common Name. For a root certificate record the value of the field will be the name of the CA owner. (We cannot change the title of the field in the page, due to the way we are using it in the CRM.)
• CA Community Users cannot modify the records for: Owner, Root Certificate, and Contact. Only the Root Store Members can modify these records.
• CA Community Users can only modify the intermediate certificate records for their CA.
• When PEM data is provided, the certificate details in the record may not be modified.

Updating Audit Information

All Root Store Members require their CAs to provide updated statements annually of attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties, as outlined in the CA/Browser Forum Baseline Requirements and as outlined in each root store operator's policies.

Enter updated Audit Information into the CCADB:

1. TO DO