Confirm, administrator
5,526
edits
Changes
m
Updated due to MDSP migration
=== Who decides which CA certificates to include in Mozilla products? ===
For a CA's root certificate to be considered for inclusion in Mozilla products, the CA makes a formal request by filing a bug in [[CA/Application_Instructions| Mozilla's Bugzilla system]]. Then the owners or peers of Mozilla's [[Modules/All#CA_Certificates| CA Certificates Module]] evaluate the information provided by the CA and conduct a public discussion in the [https://wwwgroups.google.com/a/mozilla.org/en-USg/about/forums/#dev-security-policy mozilla.dev.security.policy forumMDSP mailing list] regarding the request. After considering the information that the CA has presented and the recommendations of the Mozilla community, the module owners or peers determine if the root certificate should be included in Mozilla software products and which trust bits should be set on them.
=== How does a CA certificate get included in Mozilla products? ===
=== How can I impact Mozilla's default set of CA certificates? ===
You may influence the decisions about [[CA/Dashboard|root inclusion requests]] by contributing to the discussions in the [https://wwwgroups.google.com/a/mozilla.org/en-USg/about/forums/#dev-security-policy mozilla.dev.security.policy forumMDSP mailing list].
=== Why does SSL handshake fail due to missing intermediate certificate? ===
Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own. On a best-efforts basis, Mozilla maintains [[CA/Additional_Trust_Changes|a list of the additional things]] users of our store might need to consider.
For additional context see the discussion in the [https://groups.google.com/d/msga/mozilla.dev.security.policyorg/FYIBEF_AVMIg/2KYQrWirsiQJ discussion in mozilla.dev.-security -policyMDSP mailing list].
'''Important''': Consumers of this root store must consider the trust bit settings for each included root certificate.
