MozillaWiki

CA: Difference between revisions

Page Discussion

CA (view source)

Revision as of 11:51, 2 May 2017

143 bytes added ,  2 May 2017
General cleanup
(Tidy up Discussion Forums section)
(General cleanup)
Line 1: Line 1:
== Mozilla's CA Certificate Program ==
== Mozilla's CA Certificate Program ==


Mozilla’s CA Certificate Program governs inclusion of root certificates in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.
Mozilla’s CA Certificate Program governs inclusion of root [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates certificates] in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products.
 
* [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates About Web PKI x509 Certificates]
 
== Override Default Root Certificate Settings ==
 
Users of Mozilla products may override the default root certificate settings by either deleting the root certificate or by changing the trust bit settings of a root certificate.
 
* [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.


== Policy ==
== Policy ==


* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Certificate Policy] (current version, 2.4.1)
* [http://www.mozilla.org/projects/security/certs/policy/ Root Store Policy] (current stable version: 2.4.1)
** [https://github.com/mozilla/pkipolicy/issues CA Certificate Policy Issue Tracker]
* [[CA:Communications | CA Communications]] and their responses. Such communications may also set policy in advance of it being included in the Root Store Policy.
* [[CA:BaselineRequirements|Baseline Requirements Compliance]]: Mozilla's expectations regarding compliance with the CA/Browser Forum's [https://cabforum.org/baseline-requirements-documents/ Baseline Requirements]
* [https://github.com/mozilla/pkipolicy/issues Root Store Policy Issue Tracker]
* [[CA:RootTransferPolicy|Root Transfer Policy]]: Mozilla's expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location
* [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md Latest draft of Root Store Policy] (will become the next version)
 
* [[CA:CertPolicy|Older versions of the Root Store Policy]]
You can also read about [[CA:CertPolicy|old versions of the policy and the policy update process]].
* [[CA:BaselineRequirements|Baseline Requirements Compliance]]: Mozilla's expectations regarding compliance with the CA/Browser Forum's [https://cabforum.org/baseline-requirements-documents/ Baseline Requirements].
* [[CA:RootTransferPolicy|Root Transfer Policy]]: Mozilla's expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location.  


== Lists of CAs and Certificates ==
== Lists of CAs and Certificates ==
Line 25: Line 18:
* [[CA:RemovedCAcerts|Removed CA Certificates]]
* [[CA:RemovedCAcerts|Removed CA Certificates]]
* [[CA:PendingCAs|Pending CA Certificates]] or certificate trust bit/EV status changes
* [[CA:PendingCAs|Pending CA Certificates]] or certificate trust bit/EV status changes
** [[CA/Dashboard|CA Request Dashboard]]
* [[CA/Dashboard|CA Request Dashboard]] - tracks applications through the process
* [[CA:SubordinateCAcerts|Public Intermediate (Subordinate) CA Certificates]]
* [[NSS:Release_Versions | NSS:Release_Versions]] shows which product versions a particular root inclusion request was first available in
* [[CA:RevokedSubCAcerts|Revoked Intermediate (Subordinate) CA Certificates]]
* [[CA:SubordinateCAcerts|Public Intermediate Certificates]]
 
* [[CA:RevokedSubCAcerts|Revoked Intermediate Certificates]]
 
* [[NSS:Release_Versions | NSS:Release_Versions]] -- Mapping of Root Cert Inclusion Bugs to Mozilla Product Releases
 
== CA Communications ==
 
* [[CA:Communications | Communications sent to CAs]] and their responses


== Common CA Database (aka CA Community in Salesforce) ==
== Common CA Database (aka CA Community in Salesforce) ==
Line 52: Line 39:
* CA Mis-Issuance Bugs: https://wiki.mozilla.org/CA/ca-bugs
* CA Mis-Issuance Bugs: https://wiki.mozilla.org/CA/ca-bugs
* Whiteboard tags used in the CA Program https://wiki.mozilla.org/CA_Bug_Triage
* Whiteboard tags used in the CA Program https://wiki.mozilla.org/CA_Bug_Triage
== Override Default Root Certificate Settings ==
Users of Mozilla products may override the default root certificate settings by either deleting the root certificate or by changing the trust bit settings of a root certificate.
* [[CA:UserCertDB|User Root Certificate Settings]] -- How to override the default root settings in Mozilla products.


== How to Apply for Root Inclusion or Changes ==
== How to Apply for Root Inclusion or Changes ==
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1169949"