CA/Application Instructions: Difference between revisions

cleanup
m (cleanup)
(cleanup)
Line 51: Line 51:


== Common CA Database ==
== Common CA Database ==
CAs must follow [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Mozilla's CA Certificate Maintenance Policy] the entire time they have a root certificate [[CA:IncludedCAs|included in Mozilla’s CA Certificate Program]].
CAs must follow [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy] the entire time they have a root certificate [[CA/Included_Certificates|included in Mozilla’s root store]].


CAs are required to:
CAs are required to:
* Annually provide public-facing statement(s) of attestation of their conformance to the stated verification requirements. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 4])
* Annually provide public-facing statement(s) of attestation of their conformance to the stated verification requirements.  
* Notify Mozilla when its policies and business practices change in regards to verification procedures for issuing certificates, when the ownership control of the CA’s certificate(s) changes, or when ownership control of the CA’s operations changes. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 5])
* Notify Mozilla when its policies and business practices change in regards to verification procedures for issuing certificates, when the [[CA:RootTransferPolicy|ownership control of the CA’s certificate(s) changes]], or when ownership control of the CA’s operations changes.  
* Ensure that Mozilla has their current contact information. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 6])
* Ensure that Mozilla has their current [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|contact information]].


Additionally, CAs must maintain their data in the [[CA:SalesforceCommunity|CA Community in Salesforce]] about:
Additionally, CAs must maintain their data in the [http://ccadb.org/ Common CA Database] about:
* All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to their certificate(s) included in Mozilla’s CA Certificate Program that are not technically constrained as described in section 9 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy].
* All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to their certificate(s) included in Mozilla’s CA Certificate Program that are not technically constrained via EKU and name constraints.
* [[CA:ImprovingRevocation#Preload_Revocations_of_Intermediate_CA_Certificates|Revoked certificates]] that were capable of being used to issue new certificates, and which directly or transitively chain to their certificate(s) included in Mozilla’s CA Certificate Program and were not technically constrained as described in section 9 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy].
* Revoked certificates that were capable of being used to issue new certificates, and which directly or transitively chain to their certificate(s) included in Mozilla’s CA Certificate Program and were not technically constrained via EKU and name constraints.
 
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/enforcement/ Mozilla's CA Certificate Enforcement Policy] outlines action that Mozilla will take when these requirements are not met by CAs with included root certificates.
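Review bot: The revised bullets under "CAs are required to:" drop the "section 4", "section 5" and "section 6" citations, and the two Common CA Database bullets replace "as described in section 9 of Mozilla's CA Certificate Inclusion Policy" with "via EKU and name constraints" without any policy reference, so a reader can no longer trace each obligation to its normative text. Suggest citing the matching section of Mozilla's Root Store Policy on each bullet, since the revised intro sentence already links that policy. Two smaller points: the new link [http://ccadb.org/ Common CA Database] uses plain HTTP and would be better as an https:// link, and the revised attestation and ownership-change bullets end with trailing whitespace.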