CA/BR Audit Guidance: Difference between revisions

m
Line 3: Line 3:
The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements] provide a foundation for best practices across the industry by defining a single, consolidated set of essential standards for all SSL/TLS certificates. The initial Effective Date of the BRs was 1 July 2012. Refer to the Document History section of the BRs for further information about BR Effective Dates and Relevant Compliance Dates.
The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements] provide a foundation for best practices across the industry by defining a single, consolidated set of essential standards for all SSL/TLS certificates. The initial Effective Date of the BRs was 1 July 2012. Refer to the Document History section of the BRs for further information about BR Effective Dates and Relevant Compliance Dates.


[https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Version 2.1] of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy] added the requirement that SSL certificate issuance also be audited according to the BRs. This means that CAs with a root certificate included in Mozilla's Program that has the websites (SSL/TLS) trust bit enabled must have their SSL certificate issuance and operations audited annually according to the BRs. Additionally, any Certificate Authority being considered for root inclusion must have a Baseline Requirements audit performed if the websites trust bit is to be enabled for the new root certificate.
[https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Version 2.1] of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy] added the requirement that SSL certificate issuance also be audited annually according to the BRs. This means that CAs with a root certificate included in Mozilla's Program that has the websites (SSL/TLS) trust bit enabled must have their SSL certificate issuance and operations audited annually according to the BRs. Additionally, any Certificate Authority being considered for root inclusion must have a Baseline Requirements audit performed if the websites trust bit is to be enabled for the new root certificate.


This page provides further information about Mozilla's expectations regarding CA compliance with the BRs, and auditing according to the BRs.
This page provides further information about Mozilla's expectations regarding CA compliance with the BRs, and auditing according to the BRs.
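Review bot: The inserted "annually" in the first sentence of the Version 2.1 paragraph now states the audit frequency twice in a row, since the following sentence already reads "audited annually according to the BRs". Consider keeping the frequency in one place only. The closing sentence on root inclusion still says only that a Baseline Requirements audit "must" be "performed", so after this change the paragraph is explicit about cadence for included roots but not for roots under consideration; if the same annual cadence is meant there, say so.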