Confirm, administrator
5,526
edits
Changes
Fixed links
== Add a Trust Bit ==
When a root certificate is included in [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSSNSS], one or more of the three trust bits (websites, email, code signing) are enabled. It is common for a CA to request inclusion with a subset of the trust bits enabled, and then later request that an additional trust bit be enabled. The following steps outline how a CA may request to enable additional trust bits for a root certificate that is included in NSS.
# Do some initial preparations before you formally submit a request:
#* Update the CP/CPS to reflect the policies for the additional trust bits, and make sure that the additions to the CP/CPS follow the [httphttps://www.mozilla.org/projectsen-US/about/governance/policies/security-group/certs/policy/ Mozilla CA Certificate 's Root Store Policy], especially section 7. #* Review the [[CA:Recommended_Practices/Required_or_Recommended_Practices|Recommended Required Practices]] and [[CA:Problematic_Practices/Forbidden_or_Problematic_Practices|Potentially Problematic Forbidden Practices]].
#* Have the annual audit cover the updated CP/CPS.
#* Make sure that the audit meets and audit statements meet the requirements stated in the [httphttps://www.mozilla.org/projectsen-US/about/governance/policies/security-group/certs/policy/ #audits Mozilla CA Certificate 's Root Store Policy].]# Once you are ready, formally submit your request using the Mozilla project's [http://bugzilla.mozilla.org/ Bugzilla issue tracking system:]#* Click on the "Create a new bug report" link in [[CA:How_to_apply/Application_Instructions#Creation_and_submission_of_the_root_CA_certificate_inclusion_requestCreate_Root_Inclusion.2FUpdate_Request|CA:How_to_applyApplication Instructions]].
#* Set the bug summary to "Enable trust bits for <name of your root>".
#* In the bug description, include a reference to the original root-inclusion bug number.
#* In the bug description, include links to the updated CP/CPS and the updated auditstatements.# The request will go through the [[ CA:How_to_apply/Application_Verification#Information_gathering_and_verificationInformation_Verification|Information Gathering and Verification]], [[CA:How_to_apply/Application_Verification#Detailed_Review|Detailed Review]], [[CA/Application_Verification#Public_discussion|Public Discussion]], and [[CA:How_to_apply/Application_Verification#InclusionNSS_and_PSM_Bug_Creation|Inclusion]] phases as described in [[CA:How_to_apply/Application_Process#Process_Overview|CA:How_to_applyApplication Process Overview]].
== Enable EV ==
