== Adding Root Certificates and Creating Root Inclusion Cases ==
'''Detailed guidance on adding root certificates to === Access the CCADB is available at https://www.ccadb.org/cas/updates/.'''===
If your CA does not yet have access to the CCADB, then you may request access here:
* https://ccadb.org/cas/request-access
The process Information and instructions for creating a Root Inclusion Case is as follows. #Create an [https://www.ccadb.org/cas/updates "Add/Update Root Request"] in CAs about the CCADB#*Click on the 'My CA' tab#*Click on the 'CASES' tab under the CA Owner’s name, near the top left corner of the page#* Click on the 'New' button, which is on the right side of the page, below the 'Get URLs' button#* Select 'Add/Update Root Request', and click on 'Next'#* Type in information for the 'Subject', e.g. Example CA New Root Certificates#* Click on the 'Save' button.#** There will be a green bar shown across the top of the page, which says “Case ###### was created. Click on the number in the list below (the same which was provided by green bar) to view the new Case.#** Otherwise, go back to the 'CASES' tab in 'My CA', and click on the number in the top row of the 'Case' column.#Items that need to be completed appear in five tabs in a row near the top - "CA OWNER" "AUDITS" "POLICY DOCUMENTS" "ROOT INFORMATION" and "TEST WEBSITES" (if applicable). '''CA OWNER'''Required fields includeare here:#CA Owner Name#Address#Company Website#A CA Email Alias (distribution list) email address '''ROOT INFORMATION'''#Click on the "ROOT INFORMATION" tab, then "Add/Select Root Certificates", and then "Add Root Certificate to the CCADB"#Paste the PEM information for the Root Certificate in the box, click on "Validate PEM".#If validation is successful, click on the “Create Root Certificate in CCADB” button.#Fill in the data for the required fields for the root under the “ROOT INFORMATION” tab.#Repeat this process for each of the Root Certificates that need to be added.#Explain why each root certificate needs to be included in the root store '''AUDITS'''#* Audit statements must meet the requirements listed in [https://www.ccadb.org/policy#51-audit-statement-content section 5.1 of the Common CCADB Policy]#* CCADB automatically converts WebTrust Seal URLs into PDF URLs when you click on ‘Save’#* Note Mozilla's [[CAcas/Audit_Statements#Audit_Lifecycle|audit lifecycle requirements]]#Be sure to select "Applicable Root Certificates" and click on the inverted triangle ("Edit") to select root certificates covered by the audit.#Indicate which existing root certificates are part of this root inclusion or update request.#*For each root certificate to be considered in your request, check the appropriate boxes in the "Root Stores Applying To" column#*For each root certificate to be considered in your request, check the boxes corresponding to the audit statements that apply. '''POLICY DOCUMENTS'''# Click on the 'Update Policy Documents' button to provide current CP/CPS information.#* Click on the 'Help' button in the 'Add Policy Documents' page for instructions#* Update existing policy document information, or add new policy documents via the 'Add Policy Document' button#* Click on the checkmark to save each set of changes before clicking on the ‘Go Back’ button to return to the Case
'''TEST WEBSITES'''=== Create an "Add/Update Root Request" case ===CAs provide information about their CA organization and root certificates by creating an "Add/Update Root Request".#Click on the ‘Edit Test Websites’ button (which may be Create an [https://www.ccadb.org/cas/updates "Add/Update Root Request"] case in the button overflow – upside down triangle) to enter the test websites for CCADB#* Detailed Instructions: [https://docs.google.com/document/d/1AUbwbyqCq3jR7wP0fSWjL1us9s4sZIbXGRyo_ko77QM/edit Create an Add/Update Root Request]# Add new root certificates if you are requesting to the Websites (TLS server authentication) trust bitcase.#* Click In the ROOT INFORMATION tab, click on the "Add/Select Root Certificates" button. Then click on the 'Test Websites Validation' "Add Root Certificate to CCADB" buttonand paste the certificate PEM into the window and click on "Validate PEM". If validation is successful, resolve all failures, then click on 'Re-run Validation'the "Create Root Certificate in CCADB" button.#* Provide evidence Completely fill in the information in the five tabs of testing the "Add/Update Root Request" case: CA OWNER, AUDITS, POLICY DOCUMENTS, ROOT INFORMATION, and resultsTEST WEBSITES.# Click on the "Submit to Root Store" button.
Note:* Audit statements must meet the requirements listed in [https://www.ccadb.org/policy#51-audit-statement-content section 5.1 of the CCADB Policy] '''SUBMIT TO ROOT STOREand'''[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#3-documentation in section 3 of the Mozilla Root Store Policy].** Also see Mozilla's [[CA/Audit_Statements#When all requested information has been completed, Audit_Lifecycle|audit lifecycle requirements]]* CCADB automatically converts WebTrust Seal URLs into PDF URLs when you click on ‘Save’* In each audit statement section in the “Submit AUDITS tab, be sure to select "Applicable Root Store” Certificates". ** Click on the inverted triangle ("Edit") to select all of the root certificates covered by the audit.* If you are requesting that the Websites (TLS) trust bit be enabled for your root certificate(s), then be sure to provide the 3 test websites (valid, expired, revoked) in the TEST WEBSITES tab.** Click on the 'Test Websites Validation' button, resolve all failures, then click on 'Re-run Validation'
'''CREATE A ROOT INCLUSION CASE IN THE CCADB'''=== Create a "Root Inclusion Request" Case ===
# Create a [https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341 Root Inclusion Case] in the CCADB
#*Click on the 'My CA' tab
