Confirmed users, Administrators
5,526
edits
CA:SalesforceCommunity: Difference between revisions
→Add Intermediate Certificate Data to Salesforce
| Line 58: | Line 58: | ||
* The "Clone" button will not copy the cert data (which is extracted from PEM data); it will only copy the other fields such as the policy documentation and audit information. | * The "Clone" button will not copy the cert data (which is extracted from PEM data); it will only copy the other fields such as the policy documentation and audit information. | ||
* PEM data must be provided for every intermediate certificate (chaining up to a root certificate in Mozilla's program) that is not [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|Technically Constrained]] via Extended Key Usage and Name Constraint settings. Policy documentation and audit statements must also be provided for these non-technically-constrained intermediate certificates, as per section 10 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy]. | * PEM data must be provided for every intermediate certificate (chaining up to a root certificate in Mozilla's program) that is not [[CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates|Technically Constrained]] via Extended Key Usage and Name Constraint settings. Policy documentation and audit statements must also be provided for these non-technically-constrained intermediate certificates, as per section 10 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy]. | ||
=== Add Data for Multiple Intermediate Certificates to Salesforce === | |||
When you have intermediate certificates that share the same CP, CPS, and audit statements, then you can use the "Clone" button to save time. The recommended procedure is as follows. | |||
# Enter the data for one intermediate certificate following the [[CA:SalesforceCommunity#Add_Intermediate_Certificate_Data_to_Salesforce|instructions above]]. | |||
# Make sure the "Audit Information" and "Policies and Practices Information" sections are completely and correctly filled in and saved. | |||
# Click on the "Clone" button. This will create a new intermediate certificate, copying the "Parent CA Owner/Certificate" field and the "Audit Information" and "Policies and Practices Information" sections. | |||
# Click on the "Add/Update PEM info" button, and enter the PEM data for the intermediate certificate data you are adding. | |||
# Click on the "Validate PEM Info" and "Update Intermediate Cert" buttons. The data for the intermediate certificate will be automatically filled in. | |||
# If the intermediate certificate is signed by a different root than the cert you had cloned, then click on the "Edit" button, change the "Parent CA Owner/Certificate" to the correct value, and click on the "Save" button. | |||
== Add Revoked Intermediate Certificate Data to Salesforce == | == Add Revoked Intermediate Certificate Data to Salesforce == | ||