Confirm, administrator
5,526
edits
Changes
Added reports of intermediate certs in OneCRL and their revocation status per CCADB
[[CA/Included_Certificates|CAs]] are required to provide the data for all of their [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|publicly disclosed and audited intermediate certificates]] which chain up to root certificates in Mozilla's program. They do this using the [[CA:SalesforceCommunity|CCADB]].
The following reports are '''generated once per day''' and include valid intermediates intermediate certificates and expired intermediates intermediate certificates but not revoked intermediatesintermediate certificates:
* [https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCerts Intermediate CA Certificates] (HTML)
* [https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAuditsCSV Intermediate CA Certificates with their own audit statements] (CSV)
The following reports list revoked intermediatesintermediate certificates:
* [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevoked Revoked Intermediate CA Certificates] (HTML)
* [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedWithPEMCSV Revoked Intermediate CA Certificates] (CSV with PEM of raw certificate data)
The following reports list the intermediate certs certificates that are ready to be added to OneCRL. Some non-revoked intermediate certs certificates are added to OneCRL because they are not intended to be used for SSL/TLS.
* [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRL Intermediate CA Certificates Ready to Add to OneCRL] (HTML)
* [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRLPEMCSV Intermediate CA Certificates Ready to Add to OneCRL] (CSV with PEM of raw certificate data)
The following reports list the intermediate certificates that have been added to OneCRL, and their revocation status as indicated by the CA in the CCADB.* [http://ccadb-public.force.com/mozilla/IntermediateCertsInOneCRLReport Intermediate CA Certificates in OneCRL] (HTML)* [http://ccadb-public.force.com/mozilla/IntermediateCertsInOneCRLReportCSV Intermediate CA Certificates in OneCRL] (CSV) Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the revoked intermediates intermediate certificates in the above report.
* [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records OneCRL Raw Data]
* [https://crt.sh/mozilla-onecrl OneCRL data table with links to each certificate in crt.sh and the corresponding Bugzilla bugs]
