Confirmed users
569
edits
CA/Audit Statements: Difference between revisions
Jump to navigation
Jump to search
Fixed typo - Mozilla'a -> Mozilla's
m (Remove DRAFT) |
(Fixed typo - Mozilla'a -> Mozilla's) |
||
| Line 34: | Line 34: | ||
* If the certificate has an Extended Key Usage (EKU) extension, then the "Derived Trust Bits" field is set to values in that extension. | * If the certificate has an Extended Key Usage (EKU) extension, then the "Derived Trust Bits" field is set to values in that extension. | ||
* Otherwise CCADB checks the root certificate that the certificate chains up to. | * Otherwise CCADB checks the root certificate that the certificate chains up to. | ||
** If the root certificate is in only one of Mozilla' | ** If the root certificate is in only one of Mozilla's or Microsoft's root stores then the "Derived Trust Bits" field is set to the trust bits that are enabled for that root certificate by that root store. | ||
** If the root certificate is in both Mozilla' | ** If the root certificate is in both Mozilla's and Microsoft's root stores then the "Derived Trust Bits" field is set as the union of the trust bits that are enabled for the root certificate in both programs. | ||
'''When ALV returns FAIL''' for either "Standard Audit ALV Found Cert" or "BR Audit ALV Found Cert" for one of your CA's intermediate certificate records in the CCADB, do the following. | '''When ALV returns FAIL''' for either "Standard Audit ALV Found Cert" or "BR Audit ALV Found Cert" for one of your CA's intermediate certificate records in the CCADB, do the following. | ||