CA/Audit Letter Validation: Difference between revisions

CA/Audit Letter Validation (view source)

472 bytes added , 3 January 2020

continued drafting

Confirmed users, Administrators

5,526

edits

@@ Line 46: / Line 46: @@
 * Revoke the intermediate certificate in accordance with BR section 4.9. If your CA decides not to revoke the certificate within the timeline specified by the BRs, then that is another incident, which must be addressed in a [[CA/Responding_To_An_Incident#Incident_Report|separate Incident Report]].
 * If the intermediate certificate is technically capable but not intended for TLS issuance, and revocation is not imminent, you may request that Mozilla add it to OneCRL by adding a comment to the Bugzilla bug with the request and [[certificates@mozilla.org|sending email to Mozilla]]. Note: While adding the certificate to OneCRL satisfies Mozilla's expectations for remediation, it may not satisfy other root store programs. You are advised to seek their guidance on this issue.
+'''CA Task List''': A report is available via a Task List item on each CA's CCADB home page which identifies intermediate certificate records that have FAIL for either "Standard Audit ALV Found Cert" or "BR Audit ALV Found Cert". In the summary section of the CA Task List this item is called "Intermediate Certs with Failed ALV Results", and the corresponding report (available when the value is non-zero) is called "Check failed Audit Letter Validation (ALV) results".
 = Common ALV Findings =
 <To Do>