MozillaWiki

CA/Information Checklist: Difference between revisions

Page Discussion

CA/Information Checklist (view source)

Revision as of 16:56, 14 April 2023

313 bytes removed ,  14 April 2023
General edits
m (Minor language edits)
(General edits)
Line 12: Line 12:
== Adding Root Certificates and Creating Root Inclusion Cases ==
== Adding Root Certificates and Creating Root Inclusion Cases ==


'''More detailed CCADB guidance on adding root certificates to the CCADB is also available [https://www.ccadb.org/cas/updates here].'''
'''Detailed guidance on adding root certificates to the CCADB is available at https://www.ccadb.org/cas/updates/.'''


If your CA does not yet have access to the CCADB, then you may request access here:  
If your CA does not yet have access to the CCADB, then you may request access here:  
* https://ccadb.org/cas/request-access
* https://ccadb.org/cas/request-access
The process for creating a Root Inclusion Case is as follows.
The process for creating a Root Inclusion Case is as follows.
# [https://ccadb.org/cas/getting-started Login to the CCADB.]
 
#Create an [https://www.ccadb.org/cas/updates "Add/Update Root Request"] in the CCADB
#Create an [https://www.ccadb.org/cas/updates "Add/Update Root Request"] in the CCADB
#*Click on the 'My CA' tab
#*Click on the 'My CA' tab
Line 76: Line 77:
#** There will be a green bar shown across the top of the page, which says “Case ###### was created. Click on the number in the list below (the same which was provided by green bar) to view the new Case.
#** There will be a green bar shown across the top of the page, which says “Case ###### was created. Click on the number in the list below (the same which was provided by green bar) to view the new Case.
# '''Additional instructions for creating a root inclusion case are available [https://www.ccadb.org/cas/inclusion here] and [https://docs.google.com/document/d/1FHSbpNJ3CQOcpVqrj66elKQhTmpllp-IBsDovPy6cOo here].'''
# '''Additional instructions for creating a root inclusion case are available [https://www.ccadb.org/cas/inclusion here] and [https://docs.google.com/document/d/1FHSbpNJ3CQOcpVqrj66elKQhTmpllp-IBsDovPy6cOo here].'''


'''ADDITIONAL INSTRUCTIONS'''
'''ADDITIONAL INSTRUCTIONS'''
Line 84: Line 84:
#* Make sure that Mozilla is listed in the 'Root Stores Applying To' field. If it is not, then go back to the Case page, click on the 'Add/Update Root Cases' button, click on the Mozilla checkbox  corresponding to the root certificate, then click on the 'Apply Changes' button.
#* Make sure that Mozilla is listed in the 'Root Stores Applying To' field. If it is not, then go back to the Case page, click on the 'Add/Update Root Cases' button, click on the Mozilla checkbox  corresponding to the root certificate, then click on the 'Apply Changes' button.
#Fill in the remaining information
#Fill in the remaining information
#*On the Case page, scroll down to the 'Mozilla Additional Requirements' section and click on the 'Print NEED Fields' to see where further information is needed.
#*On the 'Mozilla' page, click on the 'Print View' to see where further information is needed.
#Click on the ‘Audit Letter Validation [ALV]’ button (which may be in the button overflow – upside down triangle), and work with your auditor to resolve all problems.
#Click on the 'Get URLs' button (which may be in the button overflow – upside down triangle) and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|your Bugzilla Bug]]. The line to copy and paste into the Bugzilla Bug looks like:  
#Click on the 'Get URLs' button (which may be in the button overflow – upside down triangle) and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|your Bugzilla Bug]]. The line to copy and paste into the Bugzilla Bug looks like:  
#*Mozilla Root Inclusion Case Information: https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341
#*Mozilla Root Inclusion Case Information: https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341
Line 96: Line 95:
In addition to the information listed in the template and example above, CAs must provide the contact information for at least one person filling the role of Primary Point of Contact (POC), and may use a contractor as one of the POCs. The CA must have one or more people within the CA’s organization who jointly have authority to speak on behalf of the CA, and to direct whatever changes the review process or Mozilla’s CA Communications require.  At least one of the CA’s POCs should also be in a position to make commitments for the CA and be held accountable by the CA.  
In addition to the information listed in the template and example above, CAs must provide the contact information for at least one person filling the role of Primary Point of Contact (POC), and may use a contractor as one of the POCs. The CA must have one or more people within the CA’s organization who jointly have authority to speak on behalf of the CA, and to direct whatever changes the review process or Mozilla’s CA Communications require.  At least one of the CA’s POCs should also be in a position to make commitments for the CA and be held accountable by the CA.  


The POCs will:
The Primary POCs will:
* Provide [http://ccadb.org/cas/updates annual updates] of CP/CPS documents, audit statements, and test websites.
* Provide [http://ccadb.org/cas/updates annual updates] of CP/CPS documents, audit statements, and test websites.
* Respond to [https://wiki.mozilla.org/CA/Communications CA Communications]
* Respond to [https://wiki.mozilla.org/CA/Communications CA Communications]
Line 102: Line 101:
* [mailto:certificates@mozilla.org Inform Mozilla] when there is a change in the organization, ownership, CA policies, or in the POCs that Mozilla should be aware of, as per  
* [mailto:certificates@mozilla.org Inform Mozilla] when there is a change in the organization, ownership, CA policies, or in the POCs that Mozilla should be aware of, as per  
** [http://ccadb.org/policy#2-contact-information Common CCADB Policy]
** [http://ccadb.org/policy#2-contact-information Common CCADB Policy]
** [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#8-ca-operational-changes Mozilla's Root Store Policy]
** [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#8-ca-operational-changes Mozilla's Root Store Pne number to a specific individual within the CA (must be one of the POCs).
* CA Email Alias: An email alias is being requested so that more than one person in your organization will receive notifications in case the primary contact is out of the office or leaves the organiolicy]
* [mailto:certificates@mozilla.org Provide Mozilla] with updated contact information if a new person becomes a POC.
* [mailto:certificates@mozilla.org Provide Mozilla] with updated contact information if a new person becomes a POC.


Required contact information:
Required contact information:
* Direct E-mail address, full name (first and last name), and phone number to a specific individual within the CA (must be one of the POCs).
* Direct E-mail address, full name (first and last name), and phozation. Mozilla CA Communications will be sent to both the POC direct email address(es) and the email alias.
* CA Email Alias: An email alias is being requested so that more than one person in your organization will receive notifications in case the primary contact is out of the office or leaves the organization. Mozilla CA Communications will be sent to both the POC direct email address(es) and the email alias.
* CA Phone Number: A main phone number from which Mozilla can reach the organization responsible for root certificates for the CA.
* CA Phone Number: A main phone number from which Mozilla can reach the organization responsible for root certificates for the CA.
* Title / Department: If Mozilla needed to call your main phone number, what Title/Department should the Mozilla representative ask for?
* Title / Department: If Mozilla needed to call your main phone number, what Title/Department should the Mozilla representative ask for?
Line 114: Line 113:
* An individual within the CA must also get a Bugzilla account and comment in the bug to say that they will be a POC for the CA, and that the contractor has indeed been hired by the CA to act as one of the POCs.
* An individual within the CA must also get a Bugzilla account and comment in the bug to say that they will be a POC for the CA, and that the contractor has indeed been hired by the CA to act as one of the POCs.


To ensure that the POC(s) has the authority to perform the tasks listed above, a representative of Mozilla will do the following.
To ensure that the POC(s) has the authority to perform the tasks listed above, a representative of Mozilla may do the following.
# Use the CA’s website to contact a person at the CA to confirm that at least one of the POCs that have been provided does indeed have the authority to perform the responsibilities listed above on behalf of the CA.
# Use the CA’s website, to confirm that the domain in the email address of at least one of the POCs is owned by the CA (e.g. @CAname.com).
# Use the CA’s website, to confirm that the domain in the email address of at least one of the POCs is owned by the CA (e.g. @CAname.com).
# Use the CA’s website to contact a person at the CA to confirm that at least one of the POCs that have been provided does indeed have the authority to perform the responsibilities listed above on behalf of the CA.
# If a contractor is also used as a POC, then contact the POC that was previously verified to confirm that the CA has indeed enlisted the help of the contractor.
# If a contractor is also used as a POC, then contact the POC that was previously verified to confirm that the CA has indeed enlisted the help of the contractor.
Bwilson
Confirmed users
508

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1246135"