CA/Email templates
Email Templates used by CCADB
The email templates in this page are specifically for the email reminders that get sent by the Common CA Database (CCADB) to CAs in Mozilla's program, in regards to data or updated documentation that the CA needs to provide.
See the CA Communications wiki page if you are looking for a history of the surveys/communications that have been sent to CAs in Mozilla's program. CA Communications are different from the email reminders/notifications that get sent by the CCADB. The purpose of CA Communications is to ensure that all CAs in Mozilla's program receive the same information. On the other hand email reminders/notifications that get sent by the CCADB contain information specific to the CA about what data they need to update in the CCADB.
Welcome Email Template
Subject: Welcome to the Common CA Database
Dear Certification Authority,
Welcome to the Common CA Database!
Instructions for using the Common CA Database are available here:
http://ccadb.org/cas/
To get started, browse to: {!Community_Url}
Username: {!Receiving_User.Username}
Please browse to the link above within 48 hours of receiving this email.
Regards,
CCADB Support
Audit Reminder Email Templates
Audit reminder email is sent on the third Tuesday of each month to CAs whose audit statements are about to expire or whose audit statements are past due.
As of November 15, 2022, the email template and logic is based on the CA Task List reports that are available on the CCADB homepage. There is one audit reminder email per month that is sent by the CCADB to a CA Owner who needs to provide updated audit statements, rather than having several emails sent when the CA Owner has their root certificates included in several root store programs.
Email Template based on CA Task List reports:
From: noreply@ccadb.org
TO: <Primary POC>
CC: <CA Email Alias 1 & CA Email Alias 2>
Subject: CCADB Action Required: Provide Updated Audit Statements
Your CA has the following items that need to be resolved in the CCADB. Please login to the CCADB to see the full list on your home page.
- Root Certificates with Outdated Audit Statements (##)
- Intermediate Certificates with Outdated Audit Statements (##)
Instructions may be found at www.ccadb.org/cas.
If you need help, contact support@ccadb.org or the appropriate root store email address that is listed on your CCADB home page.
Regards,
CCADB Team
Intermediate Certificate Email Templates
Intermediate Certificate related email is sent to CAs who need to update or add records to the CCADB to represent the intermediate certificates chaining up to their root certificates that are included in Mozilla's program.
Disclosure Incomplete Email Template
The following email templates corresponds to the following row/section in https://crt.sh/mozilla-disclosures.
Subject: Mozilla: Need Audit or CP/CPS for Intermediate Certificates
Dear Certification Authority,
This is a courtesy reminder from Mozilla that audit statements or CP/CPS documents are missing for the following intermediate certificate records in the Common CA Database (CCADB).
{!IntermediateCertificateList} -- format: <Certificate Name>, <SHA256 Fingerprint>)
For each of the certificates listed above, please update their record in the CCADB to provide audit and policy information as described here:
http://ccadb.org/cas/
For new intermediate certificates that will be listed in their parent or root certificate's next audit statements and CP/CPS, please check the 'Audits Same as Parent' and 'CP/CPS Same as Parent' boxes in their records in the CCADB. Mozilla's Root Store Policy says: "If the CA has a currently valid audit report at the time of creation of the certificate, then the new certificate MUST appear on the CA's next periodic audit reports."
This is an automated email that will be sent regularly until the audit statements and policy documents have been correctly disclosed in the CCADB.
Regards,
{!User.FirstName} {!User.LastName}
{!User.CompanyName}
{!User.Title}
Lead Email Templates
The following email is sent to the email address provided in the form.
Subject: CCADB Access Request Received
Dear {!Lead.Name},
We appreciate you contacting us to request access to the Common CA
Database (CCADB). One of our colleagues will get back to you shortly.
Root inclusion process description(s):
if {Lead.Sponsored_By__c contains Apple} https://www.apple.com/certificateauthority/ca_program.html
if {Lead.Sponsored_By__c contains Microsoft} https://docs.microsoft.com/en-us/security/trusted-root/program-requirements
if {Lead.Sponsored_By__c contains Mozilla} https://wiki.mozilla.org/CA/Application_Process
OBSOLETE Email Templates
Courtesy Audit Reminder Email Template
Audit Reminder is sent when previous Audit Period End date is 1 year plus 31 days to 93 days old.
Subject: Mozilla: Audit Reminder
Dear Certification Authority,
This is a courtesy reminder from Mozilla that updated audit statements are due for the following root certificates:
{!RootCertificateList}
Here is the audit statement information we have for these root certificates.
{!standardAuditInfoStr}
{!brAuditInfoStr}
{!evAuditInfoStr}
As per Mozilla's Root Store Policy, we require that all CAs whose certificates are distributed with our software products provide us an updated statement annually of attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties.
Please provide your annual updates via the Common CA Database (CCADB), as described here:
http://ccadb.org/cas/updates
This is an automated email that will be sent regularly until the audit statements have been updated in our records.
Regards,
{!User.FirstName} {!User.LastName}
{!User.CompanyName}
{!User.Title}
Overdue Audit Statement Email Template
Overdue Notice is sent when previous Audit Period End date is 1 year plus 93 days to 150 days old.
Subject: Mozilla: Overdue Audit Statements
Dear Certification Authority,
Updated audit statements are overdue for the following root certificates. If you do not respond promptly with updated audit information, a Mozilla representative will file a Bugzilla Bug and start a discussion in the dev-security-policy@mozilla.org mailing list to record that audit statements are past due for these root certificates.
{!RootCertificateList}
Here is the audit statement information we have for these root certificates.
{!standardAuditInfoStr}
{!brAuditInfoStr}
{!evAuditInfoStr}
As per Mozilla's Root Store Policy, we require that all CAs whose certificates are distributed with our software products provide us an updated statement annually of attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties. A failure to provide required updates in a timely manner are grounds for disabling a CA’s root certificates or removing them from Mozilla products. According to the policy "a timely manner" means within 30 days of when the appropriate documentation becomes available to the CA.
Please provide your annual updates via the Common CA Database (CCADB), as described here:
http://ccadb.org/cas/updates
This is an automated email that will be sent regularly until the audit statements have been updated in our records.
Regards,
{!User.FirstName} {!User.LastName}
{!User.CompanyName}
{!User.Title}
Failure to Provide Audit Statement Email Template
Danger of being removed warning is sent when previous Audit Period End date is older than 1 year plus 150 days.
Subject: Mozilla: Your root is in danger of being removed
Dear Certification Authority,
Your root certificates as listed below are in danger of being removed from Mozilla's root store, because the audit statements that we have on record are very old. If you do not respond promptly with updated audit information, we will initiate the process of removing these root certificates.
{!RootCertificateList}
Here is the audit statement information that we have for these root certificates:
{!standardAuditInfoStr}
{!brAuditInfoStr}
{!evAuditInfoStr}
As per Mozilla's Root Store Policy, we require that all CAs whose certificates are distributed with our software products provide us an updated statement annually of attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties. A failure to provide required updates in a timely manner are grounds for disabling a CA’s root certificates or removing them from Mozilla products. According to the policy "a timely manner" means within 30 days of when the appropriate documentation becomes available to the CA.
Please provide your annual updates via the Common CA Database (CCADB), as described here:
http://ccadb.org/cas/updates
This is an automated email that will be sent regularly until the audit statements have been updated in our records or the corresponding root certificates have been disabled or removed from NSS.
Regards,
{!User.FirstName} {!User.LastName}
{!User.CompanyName}
{!User.Title}
Outdated Audit Statements for Intermediate Certificates
This email is automatically sent by the CCADB on the first Tuesday of each month to CAs who have outdated audit statements in their intermediate cert records. An audit statement is determined to be outdated when its Audit Period End Date is older than 1 year + 3 months.
Subject: Outdated Audit Statements for Intermediate Certificates
Dear Certification Authority,
Your CA has <#> intermediate certificate records in the Common CA Database (CCADB) that have outdated audit statements. Please login to the CCADB to provide audit and policy information as described here:
ccadb.org/cas/intermediates
A report of the intermediate certificates that need to be updated may be found by logging into the CCADB, clicking on the 'Reports' tab and the 'CA Community Reports' folder. The report is called "My Outdated Audit Statements for ICs"
{!IntermediateCertificateList}
(#10#)
This is an automated email that will be sent regularly until the audit statements have been updated in your CA's intermediate certificate records in the CCADB.
Regards,
{!User.FirstName} {!User.LastName}
{!User.CompanyName}
{!User.Title}