CA/Intermediate Certificates

From MozillaWiki
< CA
Jump to: navigation, search

Intermediate Certificates

CAs are required to provide the data for all of their publicly disclosed and audited intermediate certificates which chain up to root certificates in Mozilla's program. They do this using the CCADB.

The following reports are generated once per day and include valid intermediate certificates and expired intermediate certificates but not revoked intermediate certificates:
CCADB Data Usage Terms

The following reports list revoked intermediate certificates:

The following reports list the intermediate certificates that are ready to be added to OneCRL. Some non-revoked intermediate certificates are added to OneCRL because they are not intended to be used for SSL/TLS.

The following reports list the intermediate certificates that have been added to OneCRL, and their revocation status as indicated by the CA in the CCADB.

Firefox (version 37 and later) uses the OneCRL system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the intermediate certificates in the above report.