CA/Intermediate Certificates: Difference between revisions
(updated urls for CCADB) |
(new reports for 'Ready to Add' to OneCRL) |
||
| Line 14: | Line 14: | ||
* [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedCSVFormat Revoked Intermediate CA Certificates] (CSV) | * [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedCSVFormat Revoked Intermediate CA Certificates] (CSV) | ||
* [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedWithPEMCSV Revoked Intermediate CA Certificates] (CSV with PEM of raw certificate data) | * [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedWithPEMCSV Revoked Intermediate CA Certificates] (CSV with PEM of raw certificate data) | ||
The following reports list the intermediate certs that are ready to be added to OneCRL. Some non-revoked intermediate certs are added to OneCRL because they are not intended to be used for SSL/TLS. | |||
* [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRL Intermediate CA Certificates Ready to Add to OneCRL] | |||
* [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRLPEMCSV Intermediate CA Certificates Ready to Add to OneCRL (CSV with PEM)] | |||
Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the revoked intermediates in the above report. | Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the revoked intermediates in the above report. | ||
Revision as of 18:04, 9 October 2017
Intermediate Certificates
CAs are required to provide the data for all of their publicly disclosed and audited intermediate certificates which chain up to root certificates in Mozilla's program. They do this using the CCADB.
The following reports are generated once per day and include valid intermediates and expired intermediates but not revoked intermediates:
- Intermediate CA Certificates (HTML)
- Intermediate CA Certificates (CSV)
- Intermediate CA Certificates (CSV with PEM of raw certificate data)
The following reports list revoked intermediates:
- Revoked Intermediate CA Certificates (HTML)
- Revoked Intermediate CA Certificates (CSV)
- Revoked Intermediate CA Certificates (CSV with PEM of raw certificate data)
The following reports list the intermediate certs that are ready to be added to OneCRL. Some non-revoked intermediate certs are added to OneCRL because they are not intended to be used for SSL/TLS.
- Intermediate CA Certificates Ready to Add to OneCRL
- Intermediate CA Certificates Ready to Add to OneCRL (CSV with PEM)
Firefox (version 37 and later) uses the OneCRL system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the revoked intermediates in the above report.