Confirmed users, Administrators
5,526
edits
CA:SalesforceCommunity: Difference between revisions
→Which intermediate certificate data should CAs add to Salesforce?
| Line 58: | Line 58: | ||
== Which intermediate certificate data should CAs add to Salesforce? == | == Which intermediate certificate data should CAs add to Salesforce? == | ||
* CAs '''must''' add records for: | * CAs '''must''' add records for: | ||
** Every intermediate certificate (chaining up to a root certificate in Mozilla's program) that is not [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|Technically Constrained]] via Extended Key Usage and Name Constraint settings. | ** Every intermediate certificate (chaining up to a root certificate in Mozilla's program with the Websites trust bit anabled) that is not [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|Technically Constrained]] via Extended Key Usage and Name Constraint settings. | ||
** Revoked intermediate certificates that [[CA:ImprovingRevocation#When_To_Notify_Mozilla|should be added to OneCRL]] | ** Revoked intermediate certificates that [[CA:ImprovingRevocation#When_To_Notify_Mozilla|should be added to OneCRL]] | ||
* CAs should '''not''' add records for: | * CAs should '''not''' add records for: | ||