Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
CA
,Tidy up top section and link to new 2.3
* [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.
== Policy and Included CAs ==
* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Certificate Policy](current version, 2.3)** [[CA:CertificatePolicyV2.1 BaselineRequirements| About version 2.1 of Mozilla's CA Certificate PolicyBaseline Requirements Compliance]]** [[CA:CertificatePolicyV2.2 | About version 2.2 of Mozilla's expectations regarding compliance with the CA Certificate Policy]]*** /Browser Forum's [https://wwwcabforum.google.comorg/url?q=https%3A%2F%2Fgithub.com%2Fmozilla%2Fpkipolicy%2Fblob%2F2.2%2Frootstore%2Fpolicy.md&sa=D&sntz=1&usg=AFQjCNFH21nfbaseline-requirements-dqYAClR7q1pKLuJGHqC6w Version 2.2 converted to a single Markdown document in githubdocuments/ Baseline Requirements]** [[CA:CertificatePolicyV2.3RootTransferPolicy|Drafting version 2.3 of Root Transfer Policy]]: Mozilla's CA Certificate Policy]]expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location
== Lists of CAs and Certificates == * [[CA:IncludedCAs|Included CA Certificates Spreadsheet]]** [[CA:RemovedCAcerts|Removed CA Certificates Spreadsheet]]** [[CA:RootTransferPolicy PendingCAs| Root Transfer PolicyPending CA Certificates]] - Mozilla's expectations when the ownership of an included root or certificate trust bit/EV status changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location.
* [[CA:SubordinateCAcerts|Public Intermediate (Subordinate) CA Certificates]]
* [[CANSS:PolicyRelease_Versions |Changes to Mozilla's CA Certificate Policy]] -- How to view changes to the policy, and snapshots of old versions of the policy.* [[CANSS:CertPolicyUpdates|Updating Mozilla CA Certificate PolicyRelease_Versions]] -- How the policy is updated, transitioning to new versions Mapping of the policy, things Root Cert Inclusion Bugs to discuss in regards to updating the Mozilla CA Certificate Policy.* [[CA:MD5and1024|Dates for Phasing out MD5-based signatures and 1024-bit moduli]]Product Releases
== CA Communications ==
== Common CA Database (aka CA Community in Salesforce) ==
Mozilla's CA Program uses the Common CA Database, also known as the CA Community in Salesforce, which is a highly customized CRM used for managing CA Program data. The Common CA Database enables CAs to directly provide the data for all of the [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|publicly disclosed and audited subordinate CAs]] chaining up to root certificates in Mozilla's program, and to also directly provide data about their [[CA:ImprovingRevocation#Preload_Revocations_of_Intermediate_CA_Certificates|revoked intermediate certificates]]. A [[CA:Information_checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]] for each [[CA:IncludedCAs|included CA]] will be given a [https://www.salesforce.com/communities/features/ CA Community]license, so that each of the CAs in Mozilla's program can input, access, and update their intermediate certificate data directly in the Common CA Database.
* [[CA:Certificate Download Specification|Certificate download specification]]. This document describes the data formats used by Mozilla products for installing certificates.
== Discussion forums Forums ==
The following Mozilla public forums are relevant to CA evaluation and related issues. Note that each forum can be accessed either as a mailing list or a newsgroup (using an NNTP-newsreader or the Google Groups service).
== Work in Progress ==
* [[CA:SHA1elimination | Phasing out SHA-1 Certificates]]
* [[CA:ImprovingRevocation | Plan for Improving Revocation Checking in Firefox]]
