Confirmed users
518
edits
CA/Intermediate Certificates: Difference between revisions
m
→Intermediate Certificates: Added highlighting
No edit summary |
m (→Intermediate Certificates: Added highlighting) |
||
| (13 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
= Intermediate Certificates = | = Intermediate Certificates = | ||
CAs are required to provide the data for all of their [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|publicly disclosed and audited intermediate certificates]] which chain up to root certificates in Mozilla's program. They do this using the [[CA:SalesforceCommunity|CCADB]]. | [[CA/Included_Certificates|CAs]] are required to provide the data for all of their [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|publicly disclosed and audited intermediate certificates]] which chain up to root certificates in Mozilla's program. They do this using the [[CA:SalesforceCommunity|CCADB]]. | ||
The following reports are '''generated once per day''' and include valid | The following reports are '''generated once per day''' and include valid intermediate certificates and expired intermediate certificates but not revoked intermediate certificates: | ||
<br /> | |||
<big>[https://www.ccadb.org/rootstores/usage#ccadb-data-usage-terms CCADB Data Usage Terms]</big> | |||
* [https:// | <span style="background-color: yellow;">'''Newer Versions of Reports'''</span> (with links to any Markdown versions of CP/CPS) | ||
* [https:// | * [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsV2 Intermediate CA Certificates] (HTML) | ||
* [https:// | * [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsCSVV2 Intermediate CA Certificates] (CSV) | ||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsWithPEMCSVV2 Intermediate CA Certificates] (CSV with PEM of raw certificate data) | |||
'''Old Versions of Reports''' | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCerts Intermediate CA Certificates] (HTML) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsCSV Intermediate CA Certificates] (CSV) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsWithPEMCSV Intermediate CA Certificates] (CSV with PEM of raw certificate data) | |||
* [https:// | * [https://ccadb.my.salesforce-sites.com/mozilla/MozillaIntermediateCertsCSVReport Non-revoked, non-expired Intermediate CA Certificates chaining up to roots in Mozilla's program with the Websites trust bit set] (CSV with PEM of raw certificate data) | ||
Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the | * [https://ccadb.my.salesforce-sites.com/mozilla/IntermediateCertsSeparateAudits Intermediate CA Certificates with their own audit statements] (HTML) | ||
* [https://ccadb.my.salesforce-sites.com/mozilla/IntermediateCertsSeparateAuditsCSV Intermediate CA Certificates with their own audit statements] (CSV) | |||
The following reports list revoked intermediate certificates: | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicIntermediateCertsRevoked Revoked Intermediate CA Certificates] (HTML) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicIntermediateCertsRevokedCSVFormat Revoked Intermediate CA Certificates] (CSV) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicIntermediateCertsRevokedWithPEMCSV Revoked Intermediate CA Certificates] (CSV with PEM of raw certificate data) | |||
The following reports list the intermediate certificates that are ready to be added to OneCRL. Some non-revoked intermediate certificates are added to OneCRL because they are not intended to be used for SSL/TLS. | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicInterCertsReadyToAddToOneCRL Intermediate CA Certificates Ready to Add to OneCRL] (HTML) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/PublicInterCertsReadyToAddToOneCRLPEMCSV Intermediate CA Certificates Ready to Add to OneCRL] (CSV with PEM of raw certificate data) | |||
The following reports list the intermediate certificates that have been added to OneCRL, and their revocation status as indicated by the CA in the CCADB. | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/IntermediateCertsInOneCRLReport Intermediate CA Certificates in OneCRL] (HTML) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/IntermediateCertsInOneCRLReportCSV Intermediate CA Certificates in OneCRL] (CSV) | |||
Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the intermediate certificates in the above report. | |||
* [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records OneCRL Raw Data] | * [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records OneCRL Raw Data] | ||
* [https://crt.sh/mozilla-onecrl OneCRL data table with links to each certificate in crt.sh | * [https://crt.sh/mozilla-onecrl OneCRL data table with links to each certificate in crt.sh] | ||