CA:SalesforceCommunity: Difference between revisions

CA:SalesforceCommunity (view source)

3 bytes added , 18 May 2016

m

added or

Confirmed users, Administrators

5,526

edits

@@ Line 64: / Line 64: @@
 *** Including every intermediate certificate (chaining up to a root certificate in Mozilla's program with the Websites trust bit enabled) that is not [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|Technically Constrained]] via Extended Key Usage and Name Constraint settings.
 *** Intermediate certificates are considered to be technically constrained, and do not need to be added to the CA Community in Salesforce if:
-**** The intermediate certificate has the Extended Key Usage (EKU) extension and the EKU does '''not''' include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth;
+**** The intermediate certificate has the Extended Key Usage (EKU) extension and the EKU does '''not''' include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth; or
 **** The intermediate certificate includes the Name Constraints extension as described in section 7.1.5 of the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements]; or
 **** The root certificate is not enabled with the Websites trust bit.