Confirmed users, Administrators
5,526
edits
CA/Information Checklist: Difference between revisions
Jump to navigation
Jump to search
Updating to remove duplication with the ccadb.org website and instructions documents
(Updating to remove duplication with the ccadb.org website and instructions documents) |
(Updating to remove duplication with the ccadb.org website and instructions documents) |
||
| Line 27: | Line 27: | ||
# Click on the "Submit to Root Store" button. | # Click on the "Submit to Root Store" button. | ||
'''Important''': | |||
* Audit statements must meet the requirements listed in [https://www.ccadb.org/policy#51-audit-statement-content section 5.1 of the CCADB Policy] '''and''' [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#3-documentation in section 3 of the Mozilla Root Store Policy]. | * Audit statements must meet the requirements listed in [https://www.ccadb.org/policy#51-audit-statement-content section 5.1 of the CCADB Policy] '''and''' [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#3-documentation in section 3 of the Mozilla Root Store Policy]. | ||
** Also see Mozilla's [[CA/Audit_Statements#Audit_Lifecycle|audit lifecycle requirements]] | ** Also see Mozilla's [[CA/Audit_Statements#Audit_Lifecycle|audit lifecycle requirements]] | ||
| Line 35: | Line 35: | ||
* If you are requesting that the Websites (TLS) trust bit be enabled for your root certificate(s), then be sure to provide the 3 test websites (valid, expired, revoked) in the TEST WEBSITES tab. | * If you are requesting that the Websites (TLS) trust bit be enabled for your root certificate(s), then be sure to provide the 3 test websites (valid, expired, revoked) in the TEST WEBSITES tab. | ||
** Click on the 'Test Websites Validation' button, resolve all failures, then click on 'Re-run Validation' | ** Click on the 'Test Websites Validation' button, resolve all failures, then click on 'Re-run Validation' | ||
* Add records to the CCADB for all existing intermediate certificates chaining up to the new root certificate(s). | |||
** https://www.ccadb.org/cas/intermediates | |||
=== Create a "Root Inclusion Request" Case === | === Create a "Root Inclusion Request" Case === | ||
After you have provided information to the CCADB about your CA organization and root certificates, you may use a "Root Inclusion Request" case to request that your root certificate(s) be included in Mozilla's root store, update trust bit settings, and/or enable EV treatment. | |||
# Create a [https://www.ccadb.org/cas/inclusion "Root Inclusion Request" Case] in the CCADB | |||
#* Detailed Instructions: [https://docs.google.com/document/d/1FHSbpNJ3CQOcpVqrj66elKQhTmpllp-IBsDovPy6cOo/edit# Create a Root Inclusion Request] | |||
#* Example: https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341 | |||
* Fill in all of the fields in the MOZILLA tab | |||
# Click on the "Submit to Root Store" button. | |||
# | |||
''' | '''Important''': | ||
* In the MOZILLA tab, click on the "Print View" button to see the data that will be shared publicly about your request. | |||
* Click on the "Get URLs" button (which may be in the button overflow – upside down triangle) and copy the line that begins with “Mozilla Root Inclusion Case Information:” into a Comment in [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|your Bugzilla Bug]]. The line to copy and paste into the Bugzilla Bug looks like: | |||
**Mozilla Root Inclusion Case Information: https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000341 | |||
* Whenever you update data in your Root Inclusion Case in the CCADB, be sure to [[CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request|add a comment to your Bugzilla Bug]] to let folks know to re-check the information.''' | |||
* | |||
== CA Primary Point of Contact (POC) == | == CA Primary Point of Contact (POC) == | ||