Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
Jump to navigation
Jump to search
m
→Add a Trust Bit
| Line 19: | Line 19: | ||
When a root certificate is included in NSS, one or more of the three trust bits (websites, email, code signing) are enabled. It is common for a CA to request inclusion with a subset of the trust bits enabled, and then later request that an additional trust bit be enabled. The following steps outline how a CA may request to enable additional trust bits for a root certificate that is included in NSS. | When a root certificate is included in NSS, one or more of the three trust bits (websites, email, code signing) are enabled. It is common for a CA to request inclusion with a subset of the trust bits enabled, and then later request that an additional trust bit be enabled. The following steps outline how a CA may request to enable additional trust bits for a root certificate that is included in NSS. | ||
# Update the CP/CPS to reflect the policies for the additional trust bits, and make sure that the additions to the CP/CPS follow the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy], especially section 7. | # Do some initial preparations before you formally submit a request: | ||
# | #* Update the CP/CPS to reflect the policies for the additional trust bits, and make sure that the additions to the CP/CPS follow the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy], especially section 7. | ||
# Have the annual audit cover the updated CP/CPS. | #* Review the [[CA:Recommended_Practices|Recommended Practices]] and [[CA:Problematic_Practices|Potentially Problematic Practices]]. | ||
#* Have the annual audit cover the updated CP/CPS. | |||
#* Make sure that the audit meets the requirements stated in the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy.] | #* Make sure that the audit meets the requirements stated in the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy.] | ||
# | # Once you are ready, formally submit your request using the Mozilla project's [http://bugzilla.mozilla.org/ Bugzilla issue tracking system:] | ||
#* | #* Click on the "Create a new bug report" link in [[CA:How_to_apply#Creation_and_submission_of_the_root_CA_certificate_inclusion_request|CA:How_to_apply]]. | ||
#* In the bug description | #* Set the bug summary to "Enable trust bits for <name of your root>". | ||
#* In the bug description include links to the updated CP/CPS and the updated audit. | #* In the bug description, include a reference to the original root-inclusion bug number. | ||
#* In the bug description, include links to the updated CP/CPS and the updated audit. | |||
# The request will go through the [[ CA:How_to_apply#Information_gathering_and_verification|Information Gathering and Verification]], [[CA:How_to_apply#Public_discussion|Public Discussion]], and [[CA:How_to_apply#Inclusion|Inclusion]] phases as described in [[CA:How_to_apply|CA:How_to_apply]]. | # The request will go through the [[ CA:How_to_apply#Information_gathering_and_verification|Information Gathering and Verification]], [[CA:How_to_apply#Public_discussion|Public Discussion]], and [[CA:How_to_apply#Inclusion|Inclusion]] phases as described in [[CA:How_to_apply|CA:How_to_apply]]. | ||