Confirm
344
edits
Changes
Added clarifying language
* [https://docs.google.com/document/d/1lKSW0WqThxeIMzQwyo7-uwqF8hH3e069lHW2KE78vAM/edit?usp=sharing Template (Google Doc)] -- This template is no longer used. As of June 1, 2019, all CAs directly create their own Root Inclusion Case in the CCADB.
Mozilla's process is public-facing, so all information that will be taken under consideration during the root inclusion request must be publicly available and provided by the CA via the Bugzilla bug report or a Case in the CCADBand in a Bugzilla bug report. (Both must be created as they will reference each other.)
== Create a Root Inclusion Case ==
If your CA currently has access to the CCADB, then enter your information directly as described below.
# [https://ccadb.org/cas/getting-started Login to the CCADB.]
#Create a [https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000341 Root Inclusion Case] in the CCADB - one Case per set of audit statements.(One Root Inclusion Case may consist of multiple roots, if they are covered by the same audit statement.)
#*Click on the 'My CA' tab
#*Scroll down to the 'Cases' section
#*For our use, the 'Submit' button is the ‘Save’ button. (Salesforce doesn’t currently let us change the name of this particular button.)
#*You may click on 'Edit' and 'Submit' as many times as you need to get all of your information entered.
#Click on the 'Copy Audit Info' button, to copy data from a root cert certificate already in the CCADB (if applicable).#Click on the 'Add/Update Root Cases' button to add the each PEM for the each new root cert certificate or to indicate which existing root certs certificates are part of this root inclusion or update request.
#*For each root certificate to be considered in your request, check the boxes corresponding to the audit statements that apply. Then click on the 'Apply Changes' button. This will create corresponding Root Cases.
#Click on the ‘Edit Test Websites’ button to enter the test websites for new root certs certificates if you are requesting the Websites (TLS/SSL) trust bit.
#Click on the ‘Audit Letter Validation (ALV)’ button, and work with your auditor to resolve all problems.
#Fill in the remaining information in your Case and Root Cases. Fill in your responses for each field where there are "NEED" statements.
#*Scroll down to the 'Mozilla Additional Requirements' section and click on the 'Print NEED Fields' to see where further information is needed.
#Click on the 'Get URLs' button and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|your Bugzilla Bug]]. The line to copy and paste into the Bugzilla Bug looks like:
IMPORTANT:
* '''Whenever you update data in your Root Inclusion Case in the CCADB, be sure to [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|add a comment to your Bugzilla Bug]] to let folks know to re-check the information.'''
* Fields for which a root store operator has set "Data Verified" can not cannot be edited until you ask the root store operator to change the corresponding status back to "Not Verified".
== CA Primary Point of Contact (POC) ==
In addition to the information listed in the template and example above, CA's CAs must provide the contact information for at least one person filling the role of Primary Point of Contact (POC), and may use a contractor as one of the POCs. The CA must have one or more people within the CA’s organization who jointly have authority to speak on behalf of the CA, and to direct whatever changes the review process or Mozilla’s CA Communications require. At least one of the CA’s POCs should also be in a position to make commitments for the CA and be held accountable by the CA.
The POCs will:
