CA:SalesforceCommunity: Difference between revisions

m
cert chaining to two included roots
Line 72: Line 72:
When the '''same exact intermediate certificate''' chains up to two included root certificates, the certificate only needs to be included in Salesforce once.
When the '''same exact intermediate certificate''' chains up to two included root certificates, the certificate only needs to be included in Salesforce once.
* For root certificate (rootA) that is cross-signed by another included root certificate (rootB) that has the Websites trust bit enabled, the intermediate certificates chaining up to rootA only need to be disclosed once.
* For root certificate (rootA) that is cross-signed by another included root certificate (rootB) that has the Websites trust bit enabled, the intermediate certificates chaining up to rootA only need to be disclosed once.
** The cross-certificate records for rootA must be entered into Salesforce, chaining to rootB.
** The cross-certificates for rootA must be entered into Salesforce, chaining to rootB.
** If rootA is included and has the Websites trust bit enabled, then its intermediate certificate records should be entered into Salesforce such that they chain directly to rootA.
** If rootA is included and has the Websites trust bit enabled, then its intermediate certificates should be entered into Salesforce such that they chain directly to rootA.
** If rootA has been removed from NSS or does not have the Websites trust bit enabled, then its intermediate certificate records must be entered into Salesforce such that they chain to rootB.  
** If rootA has been removed from NSS or does not have the Websites trust bit enabled, then its intermediate certificates must be entered into Salesforce such that they chain to rootB.  
** If rootA and rootB are owned by different CAs, then both CAs are responsible for ensuring that the intermediate certificate records are appropriately entered into Salesforce.
** If rootA and rootB are owned by different CAs, then both CAs are responsible for ensuring that the data for all of their non-technically-constrained intermediate certificates are appropriately entered into Salesforce.


CAs should '''not''' add records for:
CAs should '''not''' add records for:
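Review bot: In the last changed bullet (rootA and rootB owned by different CAs), the new text limits the obligation to "all of their non-technically-constrained intermediate certificates", but the sub-bullets above it now say only "cross-certificates" or "intermediate certificates" with no such qualifier, so it is unclear whether technically constrained intermediates are in scope when rootA's chain has to be entered under rootB. Suggest stating the scope once in the parent bullet, or repeating the qualifier in each sub-bullet. The rootA-included case also keeps "should be entered" while the cross-certificate bullet and the rootA-removed bullet use "must"; if all three are requirements, use "must" throughout.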