CA/Subordinate CA Checklist: Difference between revisions

CA/Subordinate CA Checklist (view source)

14 bytes added , 4 February 2016

m

Confirmed users, Administrators

5,526

edits

@@ Line 6: / Line 6: @@
 == Super-CAs ==
-Some CAs sign the certificates of subordinate CAs to show that they have been accredited or licensed by the signing CA.  Such signing CAs are called Super-CAs, and their subordinate CAs must apply for inclusion of their own certificates until the following has been established and demonstrated:
+Some CAs sign the certificates of subordinate CAs to show that they have been accredited or licensed by the signing CA.  Such signing CAs are called Super-CAs, and their (first-level) subordinate CAs must apply for inclusion of their own certificates until the following has been established and demonstrated:
 * The Super-CA’s documented policies and audit criteria meet the requirements of [http://www.mozilla.org/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla’s CA Certificate Policy], which includes the [https://cabforum.org/baseline-requirements/ CA/Browser Forum’s Baseline Requirements], and includes sufficient information about verification practices and issuance of end-entity certificates.
 * The Super-CA is at all times completely accountable for their subordinate CAs, and the Super-CA ensures that all subordinate CAs demonstrably adhere to the Super-CA’s documented policies and audit criteria.