Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
Jump to navigation
Jump to search
Fixed links
m (Updated Bugzilla info) |
(Fixed links) |
||
| Line 17: | Line 17: | ||
== Add a Trust Bit == | == Add a Trust Bit == | ||
When a root certificate is included in NSS, one or more of the | When a root certificate is included in [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS NSS], one or more of the trust bits (websites, email) are enabled. It is common for a CA to request inclusion with a subset of the trust bits enabled, and then later request that an additional trust bit be enabled. The following steps outline how a CA may request to enable additional trust bits for a root certificate that is included in NSS. | ||
# Do some initial preparations before you formally submit a request: | # Do some initial preparations before you formally submit a request: | ||
#* Update the CP/CPS to reflect the policies for the additional trust bits, and make sure that the additions to the CP/CPS follow | #* Update the CP/CPS to reflect the policies for the additional trust bits, and make sure that the additions to the CP/CPS follow [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy Mozilla's Root Store Policy]. | ||
#* Review | #* Review [[CA/Required_or_Recommended_Practices|Required Practices]] and [[CA/Forbidden_or_Problematic_Practices|Forbidden Practices]]. | ||
#* Have the annual audit cover the updated CP/CPS. | #* Have the annual audit cover the updated CP/CPS. | ||
#* Make sure that the audit | #* Make sure that the audit and audit statements meet the requirements stated in [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#audits Mozilla's Root Store Policy]. | ||
# Once you are ready, formally submit your request using the | # Once you are ready, formally submit your request using the [http://bugzilla.mozilla.org/ Bugzilla issue tracking system:] | ||
#* Click on the "Create a new bug report" link in [[CA | #* Click on the "Create a new bug report" link in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|Application Instructions]]. | ||
#* Set the bug summary to "Enable trust bits for <name of your root>". | #* Set the bug summary to "Enable trust bits for <name of your root>". | ||
#* In the bug description, include a reference to the original root-inclusion bug number. | #* In the bug description, include a reference to the original root-inclusion bug number. | ||
#* In the bug description, include links to the updated CP/CPS and the updated audit. | #* In the bug description, include links to the updated CP/CPS and the updated audit statements. | ||
# The request will go through the [[ CA | # The request will go through the [[CA/Application_Verification#Information_Verification|Information Verification]], [[CA/Application_Verification#Detailed_Review|Detailed Review]], [[CA/Application_Verification#Public_discussion|Public Discussion]], and [[CA/Application_Verification#NSS_and_PSM_Bug_Creation|Inclusion]] phases as described in [[CA/Application_Process#Process_Overview|Application Process Overview]]. | ||
== Enable EV == | == Enable EV == | ||