In order to support cryptographic applications such as SSL/TLS connections to web and other servers, and signed and encrypted email, Firefox and other Mozilla-based products contain digital certificates and related metadata for multiple Certification Authorities (CAs). By including the CA certificates and various associated pre-set metadata values Mozilla-based products can recognize as valid the end entity certificates that are issued under the auspices of the CAs in question and are associated with, e.g., web servers, and email senders.
CAs wishing to have their certificates included in Mozilla products == Example and Template ==The example and template below list the information that must comply with be provided by the requirements CA in their root inclusion or update request as per step 1 of the [[CA/Application_Process#Process_Overview|Mozilla's Application Process]]. * [https://wwwdocs.mozillagoogle.orgcom/aboutdocument/governanced/policies/security1lKSW0WqThxeIMzQwyo7-groupuwqF8hH3e069lHW2KE78vAM/certs/policy Mozilla Root Store Policyedit?usp=sharing Template (Google Doc)] -- If your CA does not currently have access to the CCADB, then this is the form to fill in. Download it from Google Docs, fill it in, and must supply attach to your Bugzilla Bug.** Note that the certificate data will be extracted directly from the PEM of the certificate, so the CA should attach the PEM of the information necessary root certificate to determine whether the Bugzilla bug, or not provide a link to the policy’s requirements have been satisfiedcertificate on their website. The information must be provided in a * [[CAhttps://Application_Instructions#Create_Root_Inclusionccadb-public.secure.force.2FUpdate_Request|Mozilla Bugzilla bugcom/mozilla/PrintViewForCase?CaseNumber=00000341 Example]] as described -- an Example Root Inclusion Case in [[CCADB. If your CA/Application_Process|Mozilla's Application Process Overview]]. This information includes (but is not necessarily limited currently has access to) the information listed in this pageCCADB, then you may create a Root Inclusion Case as described below.
The Mozilla's process is public-facing, so all information that will be taken under consideration during the root inclusion request must be publicly available and provided by the CA will be verified by a representative of Mozilla to via the maximum extent practicable using CAs’ published documentation. Statements attributed to third parties (e.g., auditors) shall be verified with those parties. The information gathered should be published through the appropriate Mozilla channels (e.g., web sites, Bugzilla bug reports, and/report or discussion forums)a Case in the CCADB. == Example and Template ==
The template and example below show == Create a Root Inclusion Case ==If your CA currently has access to the CCADB, then enter your information that the CA must provide for a root inclusion/update requestdirectly as described below.* # [https://docsccadb.google.comorg/documentcas/d/1lKSW0WqThxeIMzQwyo7getting-uwqF8hH3e069lHW2KE78vAM/edit?usp=sharing Template (Google Doc)] -- This is started Login to the form to fill in. Download it from Google Docs, fill it in, and attach to your Bugzilla BugCCADB.]* #Create a [https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000341 ExampleRoot Inclusion Case] in the CCADB -- an Example one Case per set of audit statements.#*Navigate to the CA Owner Record for your CA.#**Click on “CA Owners/Certificates” tab, then in “View:” select “Community User’s CA Owners/Root Certs” and click on “Go!”. #**Click on the “CA Owner/Certificate Name” of your CA’s Owner record.#*Scroll down to the ‘Cases’ section.#*Click on the ‘New Case’ button, and select “CA Root Inclusion Request”.#Click on the ‘Submit’ button to create the new Root Inclusion Case in CCADB.#*For our use, the ‘Submit’ button is the ‘Save’ button. (Salesforce doesn’t currently let us change the name of this particular button.)#* Note that You may click on ‘Edit’ and ‘Submit’ as many times as you need to get all of your information entered.#Click on the certificate “Copy Audit Info” button, to copy data will be extracted directly from a root cert already in the CCADB (if applicable).#Click on the ‘Add/Update Root Cases’ button to add the PEM for the new root cert or to indicate which existing root certs are part of the this root inclusion or update request.#*For each root certificateto be considered in your request, so check the CA should attach boxes corresponding to the audit statements that apply. Then click on the “Apply Changes” button. This will create corresponding Root Cases.#Click on the PEM of ‘Edit Test Websites’ button to enter the test websites for new root certificate certs if you are requesting the Websites (TLS/SSL) trust bit.#Click on the ‘Audit Letter Validation (ALV)’ button, and work with your auditor to resolve all problems.#Fill in the remaining information in your Case and Root Cases.#*Scroll down to the “Mozilla Additional Requirements” section and click on the “Print NEED Fields” to see where further information is needed.#Click on the ‘Get URLs’ button and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in your Bugzilla bug, or provide a link Bug. The line to copy and paste into the certificate on their websiteBugzilla Bug looks like: #*Mozilla Root Inclusion Case Information: https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000341#*This will trigger step 2 of Mozilla’s root inclusion process.
Mozilla's process is public-facingWhenever you update data in your Root Inclusion Case in the CCADB, so all information that will be taken under consideration during sure to add a comment to your Bugzilla Bug to let folks know to re-check the root inclusion request must be publicly available and provided by the CA via the Bugzilla bug reportinformation.
== CA Primary Point of Contact (POC) ==
