== CA-related Documents ==
=== Policy and Included CAs ===
* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Certificate Policy]
** [[CA:Terminology | Terminology]]
* [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.
* [http://tinyurl.com/MozillaBuiltInCAs Spreadsheet of all included root certificates]
* [[CA:SubordinateCA_checklist|Checklist for Subordinate CAs and CSPs]] Information needed when subordinate CAs are operated by third parties.
=== How To ... ===
* [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.
* [[PSM:EV_Testing_Easy_Version | EV Testing in Firefox:]] Explains how you can test that your CA certificate (that you want to enable for EV) and your OCSP infrastructure is working correctly according to the expectations of Mozilla, Firefox, the NSS library, and conforms to the SSL protocol specifications (as interpreted by Mozilla/NSS software).
** [[CA:EV_Revocation_Checking|EV certificates and revocation checking]]. This discusses how revocation checking via OCSP or CRLs affects the UI treatment of EV certificates.
** newsgroup: [http://groups.google.com/group/mozilla.dev.security/topics?pli=1 mozilla.dev.security]
** mailing list: [https://lists.mozilla.org/listinfo/dev-security dev-security@mozilla.org]
=== Work in Progress ===
* [http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/ DRAFT of proposed next version of Mozilla's CA Certificate Policy]
* [[NSS:BurnDownList | SSL Burn Down List]] -- collecting/prioritizing bugs
* [[CA:OCSP-HardFail | OCSP Hard Fail]] -- What needs to be done before we can set OCSP to hard fail by default?
* [[CA:CAInclusionProcessIssues | Sandbox for identifying and resolving issues with the CA Inclusion Process]]
=== Templates ===
* [[CA:Tentative_approval_post_template|Tentative approval (newsgroup post)]]
* [[CA:Inclusion_template|Inclusion in NSS]]
=== Work in Progress ===
* [http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/ DRAFT of proposed next version of Mozilla's CA Certificate Policy]
* [[NSS:BurnDownList | SSL Burn Down List]] -- collecting/prioritizing bugs
* [[CA:OCSP-HardFail | OCSP Hard Fail]] -- What needs to be done before we can set OCSP to hard fail by default?
* [[CA:CAInclusionProcessIssues | Sandbox for identifying and resolving issues with the CA Inclusion Process]]
=== Obsolete ===