Confirm, administrator
5,526
edits
Changes
m
For additional context see the discussion in the Useful Links:* [https://groupsblog.googlemozilla.comorg/security/a2021/mozilla.org05/g10/devbeware-securityof-applications-misusing-policy MDSP mailing list]. '''Important''': Consumers of this root store must consider the trust bit settings for each included root certificate. * ''-stores/ Correctly Using Mozilla's Root Store Data and usage terms are available via links in the [[CA/Included_Certificates|Mozilla Included CA Certificates]] wiki page.'''* Previously people extracted the data from certdata.txt: [https://www.imperialvioletccadb.org/2012rootstores/01/30/mozillaroots.html Why Trust Bits Matterusage#ccadb-data-usage-terms Data Usage Terms], * [https://githubwww.ccadb.comorg/agl/extract-nss-root-certs Extracting roots and their trust bitsresources Curated Lists of Root Certificates]
Updated information about using Mozilla's root store.
Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own. On a best-efforts basis, Mozilla maintains [[CA/Additional_Trust_Changes|a list of the additional things]] users of our store might need to consider.
=== How do I import a root cert into NSS on our organization's internal servers? ===
