Confirmed users
569
edits
CA/Required or Recommended Practices: Difference between revisions
Jump to navigation
Jump to search
CA/Required or Recommended Practices (view source)
Revision as of 23:31, 21 October 2022
, 21 October 2022→Revocation of Compromised Certificates: Added references to MRSP 6.1.1 and revocation reason code guidance
(→Audit Criteria: Updated language) |
(→Revocation of Compromised Certificates: Added references to MRSP 6.1.1 and revocation reason code guidance) |
||
| Line 70: | Line 70: | ||
=== Revocation of Compromised Certificates === | === Revocation of Compromised Certificates === | ||
CAs must revoke certificates with private keys that are known to be compromised, or for which verification of subscriber information is known to be invalid. | CAs must revoke certificates with private keys that are known to be compromised, or for which verification of subscriber information is known to be invalid. CAs must use CRL revocation reason codes in accordance with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#611-end-entity-tls-certificate-crlrevocation-reasons MRSP section 6.1.1]. See also [https://wiki.mozilla.org/CA/Revocation_Reasons Revocation Reasons] for additional guidance. | ||
=== Verifying Domain Name Ownership === | === Verifying Domain Name Ownership === | ||