m (add parent SHA-1 Fingerprint) |
(update to current CCADB links and requirements) |
||
| Line 1: | Line 1: | ||
= Automated Data Import = | = Automated Data Import = | ||
CAs who have a '''large''' number of intermediate certificates to add to the [ | CAs who have a '''large''' number of intermediate certificates to add to the [http://ccadb.org/cas/intermediates CCADB] may request that their data be mass imported from a spreadsheet or CSV file, by sending email to their root store operator. Doing the mass import process involves a significant amount of manual work, so if you have less than 20 intermediate certificates please enter them by hand. | ||
== Data Import Process == | == Data Import Process == | ||
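Review bot: The CCADB link on the new side of the first paragraph uses plain http (http://ccadb.org/cas/intermediates); on a page that tells CAs where to submit certificate data, link the https URL instead. In the same paragraph, "less than 20 intermediate certificates" should read "fewer than 20", and it would help to say what the email to the root store operator has to contain.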
| Line 6: | Line 6: | ||
<br /> | <br /> | ||
Within | Within the CCADB we will load the CA's data from CSV file(s) into a staging object, which we've called "Migrate Certs". After the data is loaded into the staging object, we can view a staging record for each intermediate cert to be imported, and also view reports on that data. After checking the staging records, we will run a batch program that will read all records from the Migrate Certs object and process them in two steps. | ||
Step one prepares a list of qualifying records for processing/reprocessing. Qualifying records are those that have not yet been migrated, and there is already a | Step one prepares a list of qualifying records for processing/reprocessing. Qualifying records are those that have not yet been migrated, and there is already a CCADB record for the Issuing certificate (parent). | ||
Step two parses the PEM data of each item from the list and adds the corresponding intermediate certificate record. The batch program may be run multiple times to add child certs or after making data corrections. | Step two parses the PEM data of each item from the list and adds the corresponding intermediate certificate record. The batch program may be run multiple times to add child certs or after making data corrections. | ||
<br /> | <br /> | ||
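Review bot: Step one says a record qualifies when "there is already a CCADB record for the Issuing certificate (parent)", but not which field is used to find that parent record. The import format carries both a parent name and a parent fingerprint, and certificate names are not unique, so state here which of the two the batch program matches on and what happens to staging records whose parent is not found.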
| Line 14: | Line 14: | ||
<br /> | <br /> | ||
For each of the errors, the CA will be responsible for [ | For each of the errors, the CA will be responsible for [http://ccadb.org/cas/intermediates entering the intermediate certificate data] themselves | ||
== Data Import Format == | == Data Import Format == | ||
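Review bot: The changed sentence ends at "themselves" with no full stop, and its link uses http://ccadb.org/cas/intermediates rather than the https form. Fix both while this line is being touched.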
| Line 27: | Line 27: | ||
| CA Owner/Certificate Name || Certificate Subject Common Name || Max 80 characters allowed. <br /> If the certificate does not have a Subject CN, then use the certificate Subject Organization. <br /> Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. | | CA Owner/Certificate Name || Certificate Subject Common Name || Max 80 characters allowed. <br /> If the certificate does not have a Subject CN, then use the certificate Subject Organization. <br /> Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. | ||
|- | |- | ||
| Parent CA Owner/Certificate || Certificate Issuer Common Name || Max 80 characters allowed | | Parent CA Owner/Certificate || Certificate Issuer Common Name || Max 80 characters allowed. | ||
|- | |- | ||
| Parent Certificate's SHA- | | Parent Certificate's SHA-256 Fingerprint || Issuer Cert's SHA-256 Fingerprint || Required. Use this format: 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE | ||
|- | |- | ||
| Revocation Status || <blank> <br /> Revoked || Leave blank if not revoked | | Revocation Status || <blank> <br /> Revoked || Leave blank if not revoked | ||
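Review bot: In the "Parent Certificate's SHA-256 Fingerprint" row the sample value 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE is 20 octets, which is the length of a SHA-1 digest; a SHA-256 fingerprint is 32 octets. The column was renamed but the example was carried over unchanged. Replace it with a 32-octet value in the same colon-separated form, otherwise CAs who copy the format will submit fingerprints that cannot match a SHA-256 lookup of the parent.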
| Line 37: | Line 37: | ||
| RFC 5280 Revocation Reason Code || <blank> <br /> (0) unspecified <br /> (1) keyCompromise <br /> (2) cACompromise <br /> (3) affiliationChanged <br /> (4) superseded <br /> (5) cessationOfOperation <br /> (6) certificateHold <br /> (8) removeFromCRL <br /> (9) privilegeWithdrawn <br /> (10) aACompromise || Leave blank if not revoked | | RFC 5280 Revocation Reason Code || <blank> <br /> (0) unspecified <br /> (1) keyCompromise <br /> (2) cACompromise <br /> (3) affiliationChanged <br /> (4) superseded <br /> (5) cessationOfOperation <br /> (6) certificateHold <br /> (8) removeFromCRL <br /> (9) privilegeWithdrawn <br /> (10) aACompromise || Leave blank if not revoked | ||
|- | |- | ||
| Audits Same as Parent || TRUE <br /> FALSE || TRUE if this certificate has the same audit information as the issuing certificate (or a subset). If TRUE, then leave the other audit-related columns empty. | | Audits Same as Parent || TRUE <br /> FALSE || TRUE if this certificate has the same audit information as the issuing certificate (or a subset). If TRUE, then leave the other audit-related columns empty. If the column and the other audit-related columns are missing, then it will be assumed that this value is TRUE. | ||
|- | |- | ||
| Standard Audit || <blank> <br /> URL to audit statement || Leave blank if 'Audits Same as Parent' is TRUE. <br /> Max 255 characters allowed | | Standard Audit || <blank> <br /> URL to audit statement || Leave blank if 'Audits Same as Parent' is TRUE. <br /> Max 255 characters allowed | ||
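Review bot: The sentence added to the "Audits Same as Parent" row makes an absent column mean TRUE, so a spreadsheet that simply omits the audit columns imports every certificate as inheriting its parent's audits, with nothing in the file to show that was intended. Consider requiring an explicit TRUE or FALSE, or at least say that defaulted rows are marked in the staging reports so they get checked before the batch run. Also "If the column" should read "If this column", matching the CP/CPS row.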
| Line 63: | Line 63: | ||
| Auditor Qualifications || <blank> <br /> URL to an attestation of the auditor's qualifications || Leave blank if 'Audits Same as Parent' is TRUE. Max 255 characters allowed | | Auditor Qualifications || <blank> <br /> URL to an attestation of the auditor's qualifications || Leave blank if 'Audits Same as Parent' is TRUE. Max 255 characters allowed | ||
|- | |- | ||
| CP/CPS Same as Parent || TRUE <br /> FALSE || TRUE if this certificate has the same policy documentation as the issuing certificate (or a subset). If TRUE, then leave the other policy-related columns empty. If this column and the other CP/CPS columns are missing, then it will be assumed that this value is TRUE. | |||
| CP/CPS Same as Parent || TRUE <br /> FALSE || TRUE if this certificate has the same policy documentation as the issuing certificate (or a subset). If TRUE, then leave the other policy-related columns empty. | |||
|- | |- | ||
| Policy Documentation || <blank> <br /> Notes about the documentation, such as which language the documents are in, or additional documents that need to be listed. || Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 1000 characters allowed | | Policy Documentation || <blank> <br /> Notes about the documentation, such as which language the documents are in, or additional documents that need to be listed. || Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 1000 characters allowed | ||
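Review bot: "If this column and the other CP/CPS columns are missing" in the "CP/CPS Same as Parent" row leaves the mixed case undefined: the column is absent but Policy Documentation or another CP/CPS column is filled in. Say whether that is treated as FALSE or rejected as an error, and use the same rule in the audit row.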