CA/Included Certificates: Difference between revisions
< CA
Jump to navigation
Jump to search
m (don't link to mxr.mozilla.org because it is dead (and now redirects certdata.txt to hg.mozilla.org)) |
m (→Mozilla Included CA Certificate List: Fixed broken link) |
||
| (28 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
= Mozilla Included CA Certificate List = | = Mozilla Included CA Certificate List = | ||
Mozilla | The Mozilla CA Certificate Program's list of included root certificates is stored in a file called [https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt certdata.txt] in the Mozilla source code management system. | ||
If you are '''choosing a CA to provide a certificate for your website''', we have a list of [https://ccadb.my.salesforce-sites.com/mozilla/CACertificatesInFirefoxReport all root certificates that Firefox trusts for SSL/TLS], together with contact information and geographical focus for the owning CA. | |||
* [https:// | If you are '''embedding our root store''', you need to know that we have imposed some restrictions on certain CAs or certificates which are not encoded in certdata.txt. These are [[CA/Additional_Trust_Changes|documented]] on a best-efforts basis. | ||
** [https:// | <br /><br /> | ||
<big>[https://www.ccadb.org/rootstores/usage#ccadb-data-usage-terms CCADB Data Usage Terms]</big> | |||
* [[CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F|Can I use Mozilla's set of CA certificates?]] | |||
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled] (TXT) | |||
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMCSV?TrustBitsInclude=Websites PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled] (CSV) | |||
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Email PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled] (TXT) | |||
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMCSV?TrustBitsInclude=Email PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled] (CSV) | |||
'''<span style="background-color: yellow;">New Lists</span> (with links to any Markdown versions of CP/CPS)''' | |||
* [ | * [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootCertificateReport Included Root CA Certificates] (HTML) | ||
* [ | * [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootCertificateReportCSVFormat Included Root CA Certificates] (CSV) | ||
* [ | * [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootCertificateReportPEMCSV Included Root CA Certificates] (CSV with PEM of raw certificate data) | ||
* [ | |||
* [ | '''Old Version of Lists''' | ||
* [ | * [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReport Included Root CA Certificates] (HTML) | ||
* [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportCSVFormat Included Root CA Certificates] (CSV) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportPEMCSV Included Root CA Certificates] (CSV with PEM of raw certificate data) | |||
'''In Progress''' | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/UpcomingRootInclusionsReport Root Inclusions in Progress] (HTML) | |||
* [https://ccadb.my.salesforce-sites.com/mozilla/UpcomingRootInclusionsReportCSVFormat Root Inclusions in Progress] (CSV) | |||
Latest revision as of 16:50, 22 October 2025
Mozilla Included CA Certificate List
The Mozilla CA Certificate Program's list of included root certificates is stored in a file called certdata.txt in the Mozilla source code management system.
If you are choosing a CA to provide a certificate for your website, we have a list of all root certificates that Firefox trusts for SSL/TLS, together with contact information and geographical focus for the owning CA.
If you are embedding our root store, you need to know that we have imposed some restrictions on certain CAs or certificates which are not encoded in certdata.txt. These are documented on a best-efforts basis.
CCADB Data Usage Terms
- Can I use Mozilla's set of CA certificates?
- PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled (TXT)
- PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled (CSV)
- PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled (TXT)
- PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled (CSV)
New Lists (with links to any Markdown versions of CP/CPS)
- Included Root CA Certificates (HTML)
- Included Root CA Certificates (CSV)
- Included Root CA Certificates (CSV with PEM of raw certificate data)
Old Version of Lists
- Included Root CA Certificates (HTML)
- Included Root CA Certificates (CSV)
- Included Root CA Certificates (CSV with PEM of raw certificate data)
In Progress
- Root Inclusions in Progress (HTML)
- Root Inclusions in Progress (CSV)