Confirm
344
edits
Changes
General edits
== Adding Root Certificates and Creating Root Inclusion Cases ==
'''More detailed CCADB Detailed guidance on adding root certificates to the CCADB is also available [at https://www.ccadb.org/cas/updates here]/.'''
If your CA does not yet have access to the CCADB, then you may request access here:
* https://ccadb.org/cas/request-access
The process for creating a Root Inclusion Case is as follows.
#Create an [https://www.ccadb.org/cas/updates "Add/Update Root Request"] in the CCADB
#*Click on the 'My CA' tab
#** There will be a green bar shown across the top of the page, which says “Case ###### was created. Click on the number in the list below (the same which was provided by green bar) to view the new Case.
# '''Additional instructions for creating a root inclusion case are available [https://www.ccadb.org/cas/inclusion here] and [https://docs.google.com/document/d/1FHSbpNJ3CQOcpVqrj66elKQhTmpllp-IBsDovPy6cOo here].'''
'''ADDITIONAL INSTRUCTIONS'''
#* Make sure that Mozilla is listed in the 'Root Stores Applying To' field. If it is not, then go back to the Case page, click on the 'Add/Update Root Cases' button, click on the Mozilla checkbox corresponding to the root certificate, then click on the 'Apply Changes' button.
#Fill in the remaining information
#*On the Case page, scroll down to the 'Mozilla Additional Requirements' section and page, click on the 'Print NEED FieldsView' to see where further information is needed.#Click on the ‘Audit Letter Validation [ALV]’ button (which may be in the button overflow – upside down triangle), and work with your auditor to resolve all problems.
#Click on the 'Get URLs' button (which may be in the button overflow – upside down triangle) and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|your Bugzilla Bug]]. The line to copy and paste into the Bugzilla Bug looks like:
#*Mozilla Root Inclusion Case Information: https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341
In addition to the information listed in the template and example above, CAs must provide the contact information for at least one person filling the role of Primary Point of Contact (POC), and may use a contractor as one of the POCs. The CA must have one or more people within the CA’s organization who jointly have authority to speak on behalf of the CA, and to direct whatever changes the review process or Mozilla’s CA Communications require. At least one of the CA’s POCs should also be in a position to make commitments for the CA and be held accountable by the CA.
The Primary POCs will:
* Provide [http://ccadb.org/cas/updates annual updates] of CP/CPS documents, audit statements, and test websites.
* Respond to [https://wiki.mozilla.org/CA/Communications CA Communications]
* [mailto:certificates@mozilla.org Inform Mozilla] when there is a change in the organization, ownership, CA policies, or in the POCs that Mozilla should be aware of, as per
** [http://ccadb.org/policy#2-contact-information Common CCADB Policy]
** [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#8-ca-operational-changes Mozilla's Root Store PolicyPne number to a specific individual within the CA (must be one of the POCs). * CA Email Alias: An email alias is being requested so that more than one person in your organization will receive notifications in case the primary contact is out of the office or leaves the organiolicy]
* [mailto:certificates@mozilla.org Provide Mozilla] with updated contact information if a new person becomes a POC.
Required contact information:
* Direct E-mail address, full name (first and last name), and phone number to a specific individual within the CA (must be one of the POCs). * CA Email Alias: An email alias is being requested so that more than one person in your organization will receive notifications in case the primary contact is out of the office or leaves the organizationphozation. Mozilla CA Communications will be sent to both the POC direct email address(es) and the email alias.
* CA Phone Number: A main phone number from which Mozilla can reach the organization responsible for root certificates for the CA.
* Title / Department: If Mozilla needed to call your main phone number, what Title/Department should the Mozilla representative ask for?
* An individual within the CA must also get a Bugzilla account and comment in the bug to say that they will be a POC for the CA, and that the contractor has indeed been hired by the CA to act as one of the POCs.
To ensure that the POC(s) has the authority to perform the tasks listed above, a representative of Mozilla will may do the following.# Use the CA’s website to contact a person at the CA to confirm that at least one of the POCs that have been provided does indeed have the authority to perform the responsibilities listed above on behalf of the CA.
# Use the CA’s website, to confirm that the domain in the email address of at least one of the POCs is owned by the CA (e.g. @CAname.com).
# If a contractor is also used as a POC, then contact the POC that was previously verified to confirm that the CA has indeed enlisted the help of the contractor.
