CA:SalesforceCommunity:MassImport: Difference between revisions
m (adding data) |
m (clarification) |
||
| Line 27: | Line 27: | ||
| PEM || -----BEGIN CERTIFICATE----- <br /> <cert PEM data> <br /> -----END CERTIFICATE----- || Cert PEM data must be enclosed in begin and end tags | | PEM || -----BEGIN CERTIFICATE----- <br /> <cert PEM data> <br /> -----END CERTIFICATE----- || Cert PEM data must be enclosed in begin and end tags | ||
|- | |- | ||
| CA Owner/Certificate Name || Certificate Subject Common Name || Max 80 characters allowed. If the certificate does not have a Subject CN, then use the certificate Subject Organization. | | CA Owner/Certificate Name || Certificate Subject Common Name || Max 80 characters allowed. If the certificate does not have a Subject CN, then use the certificate Subject Organization. Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. | ||
|- | |- | ||
| Parent CA Owner/Certificate || Certificate Issuer Common Name || Max 80 characters allowed. If the certificate does not have an Issuer CN, then use the Issuer Organization. | | Parent CA Owner/Certificate || Certificate Issuer Common Name || Max 80 characters allowed. If the certificate does not have an Issuer CN, then use the Issuer Organization. Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. | ||
|- | |- | ||
| Revocation Status || <blank> <br /> Revoked || Leave blank if not revoked | | Revocation Status || <blank> <br /> Revoked || Leave blank if not revoked | ||
Revision as of 18:40, 5 May 2016
Automated Data Import
CAs who have a very large number of intermediate certificates to add to the CA Community in Salesforce may request that their data be mass imported from a spreadsheet or CSV file, by sending email to Kathleen.
Data Import Process
Intermediate certificate data may be automatically imported from a CSV file for one CA at a time. The data will first be imported into a test environment and checked, before it will be imported into production.
Within Salesforce we will load the CA's data from CSV file(s) into a staging object, which we've called "Migrate Certs". After the data is loaded into the staging object, we can view a staging record for each intermediate cert to be imported, and also view reports on that data. After checking the staging records, we will run a batch program that will read all records from the Migrate Certs object and process them in two steps.
Step one prepares a list of qualifying records for processing/reprocessing. Qualifying records are those that have not yet been migrated, and there is already a Salesforce record for the Issuing certificate (parent).
Step two parses the PEM data of each item from the list and adds the corresponding intermediate certificate record. The batch program may be run multiple times to add child certs or after making data corrections.
When the batch program is no longer updating records, a report of the imported certs will be generated which indicates if the cert was imported or not, and the error if the cert was not imported. The report contains: CA Owner/Certificate Name, Parent CA Owner/Certificate, Processing Message/Error, if the cert was imported, X.509 Certificate (PEM).
For each of the errors, the CA will be responsible for entering the intermediate certificate data themselves
Data Import Format
File Format: CSV or Excel Worksheet
| Column/Field Name | Valid Values | Rules/Notes |
|---|---|---|
| PEM | -----BEGIN CERTIFICATE----- <cert PEM data> -----END CERTIFICATE----- |
Cert PEM data must be enclosed in begin and end tags |
| CA Owner/Certificate Name | Certificate Subject Common Name | Max 80 characters allowed. If the certificate does not have a Subject CN, then use the certificate Subject Organization. Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. |
| Parent CA Owner/Certificate | Certificate Issuer Common Name | Max 80 characters allowed. If the certificate does not have an Issuer CN, then use the Issuer Organization. Note: A few additional characters may be added at the end of the name, for clarification purposes, but must be kept consistent within the hierarchy. |
| Revocation Status | <blank> Revoked |
Leave blank if not revoked |
| Date of Revocation | <blank> MM/DD/YYYY |
Leave blank if not revoked |
| RFC 5280 Revocation Reason Code | <blank> (0) unspecified (1) keyCompromise (2) cACompromise (3) affiliationChanged (4) superseded (5) cessationOfOperation (6) certificateHold (8) removeFromCRL (9) privilegeWithdrawn (10) aACompromise |
Leave blank if not revoked |
| Audits Same as Parent | TRUE FALSE |
TRUE if this certificate has the same audit information as the issuing certificate (or a subset). If TRUE, then leave the other audit-related columns empty. |
| Standard Audit | <blank> URL to audit statement |
Leave blank if 'Audits Same as Parent' is TRUE. Max 255 characters allowed |
| Standard Audit Type | <blank> WebTrust ETSI TS 102 042 ETSI TS 101 456 |
Leave blank if 'Audits Same as Parent' is TRUE |
| Standard Audit Statement Date | <blank> MM/DD/YYYY |
Leave blank if 'Audits Same as Parent' is TRUE. Date that the audit statement was signed. |
| BR Audit | <blank> URL to BR audit statement |
Leave blank if 'Audits Same as Parent' is TRUE, or if Websites Trust Bit not enabled for the root, or cert not capable of issuing SSL/TLS certs. |
| BR Audit Type | <blank> WebTrust ETSI TS 102 042 |
Leave blank if 'Audits Same as Parent' is TRUE |
| BR Audit Statement Date | <blank> MM/DD/YYYY |
Leave blank if 'Audits Same as Parent' is TRUE. Date that the BR audit statement was signed. |
| EV Audit | <blank> URL to EV audit statement |
Leave blank if 'Audits Same as Parent' is TRUE, or if Websites Trust Bit not enabled for the root, or if this cert is not capable of issuing EV SSL/TLS certs. |
| EV Audit Type | <blank> WebTrust ETSI TS 102 042 |
Leave blank if 'Audits Same as Parent' is TRUE |
| EV Audit Statement Date | <blank> MM/DD/YYYY |
Leave blank if 'Audits Same as Parent' is TRUE. Date that the EV audit statement was signed. |
| Auditor | <blank> Auditor's name |
Leave blank if 'Audits Same as Parent' is TRUE. Max 100 characters allowed |
| Auditor Website | <blank> URL to the auditor's website, or a site showing their affiliation, accreditation, or qualifications |
Leave blank if 'Audits Same as Parent' is TRUE. Max 300 characters allowed |
| Auditor Qualifications | <blank> URL to an attestation of the auditor's qualifications |
Leave blank if 'Audits Same as Parent' is TRUE. Max 255 characters allowed |
| Management Assertions By | <blank> Name (in English) of the organization who made the Management's assertions |
Leave blank if 'Audits Same as Parent' is TRUE. Max 255 characters allowed |
| CP/CPS Same as Parent | TRUE FALSE |
TRUE if this certificate has the same policy documentation as the issuing certificate (or a subset). If TRUE, then leave the other policy-related columns empty. |
| Policy Documentation | <blank> Notes about the documentation, such as which language the documents are in, or additional documents that need to be listed. |
Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 1000 characters allowed |
| CA Document Repository | <blank> URL to the document repository pertaining to this certificate. |
Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 255 characters allowed |
| Certificate Policy (CP) | <blank> URL to the Certificate Policy (CP) pertaining to this certificate. |
Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 300 characters allowed |
| Certification Practice Statement (CPS) | <blank> URL to the Certificate Practice Statement (CPS) pertaining to this certificate. |
Leave blank if 'CP/CPS Same as Parent' is TRUE. Max 300 characters allowed |
| Public Comments | <blank> Any necessary additional information about the cert, audits, or CP/CPS |
Max 2000 characters allowed |