CA/Included Certificates: Difference between revisions

From MozillaWiki
< CA
Jump to navigation Jump to search
(report of CAs used to verify SSL/TLS servers)
(Change ccadb-public.secure.force.com to ccadb.my.salesforce-sites.com)
 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Mozilla Included CA Certificate List =
= Mozilla Included CA Certificate List =


Mozilla products ship with a '''[https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt default list of Certification Authority (CA) certificates]'''.  
The Mozilla CA Certificate Program's list of included root certificates is stored in a file called [https://hg.mozilla.org/releases/mozilla-beta/file/tip/security/nss/lib/ckfw/builtins/certdata.txt certdata.txt] in the Mozilla source code management system.


* [https://mozillacaprogram.secure.force.com/CA/CACertificatesInFirefoxReport List of CAs that are used to verify certificates for SSL/TLS servers], including their geographic focus and company website.
If you are '''choosing a CA to provide a certificate for your website''', we have a list of [https://ccadb.my.salesforce-sites.com/mozilla/CACertificatesInFirefoxReport all root certificates that Firefox trusts for SSL/TLS], together with contact information and geographical focus for the owning CA.
* [https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport Spreadsheet of all Included CA Certificates]
** [https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReportCSVFormat CSV Format of Spreadsheet of Included CA Certificates]
** [https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReportPEMCSV CSV Format of Spreadsheet of Included CA Certificates with PEM]


* Restrictions not encoded in [https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt certdata.txt] are listed on a best-effort basis here: https://wiki.mozilla.org/CA:Root_Store_Trust_Mods
If you are '''embedding our root store''', you need to know that we have imposed some restrictions on certain CAs or certificates which are not encoded in certdata.txt. These are [[CA/Additional_Trust_Changes|documented]] on a best-efforts basis.
 
<br /><br />
* [https://mozillacaprogram.secure.force.com/CA/UpcomingRootInclusionsReport Upcoming Root Inclusions]
<big>[https://www.ccadb.org/rootstores/usage#ccadb-data-usage-terms CCADB Data Usage Terms]</big>
** [https://mozillacaprogram.secure.force.com/CA/UpcomingRootInclusionsReportCSVFormat CSV Format of Report on Upcoming Root Inclusions]
* [[CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F|Can I use Mozilla's set of CA certificates?]]
 
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled] (TXT)
CAs are parties who are trusted to attest to the identity of websites. Mozilla has a rigorous process for CAs to request inclusion of their certificates, the details of which are described in the following:
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMCSV?TrustBitsInclude=Websites PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled] (CSV)
* [[CA|Process Overview]]
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Email PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled] (TXT)
* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy]
** [https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMCSV?TrustBitsInclude=Email PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled] (CSV)
* [[CA:FAQ | General Background and FAQ on CAs and the Mozilla process]]
* [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReport Included CA Certificates] (HTML)
* [[CA:How_to_apply | CA Inclusion Process in detail]]
* [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportCSVFormat Included CA Certificates] (CSV)
* [[CA:Schedule | Current queue of inclusion requests]]
* [https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportPEMCSV Included CA Certificates] (CSV with PEM of raw certificate data)
* [[CA:Overview | Other useful information]]
* [https://ccadb.my.salesforce-sites.com/mozilla/UpcomingRootInclusionsReport Root Inclusions in Progress] (HTML)
* [https://ccadb.my.salesforce-sites.com/mozilla/UpcomingRootInclusionsReportCSVFormat Root Inclusions in Progress] (CSV)

Latest revision as of 23:44, 22 May 2023

Mozilla Included CA Certificate List

The Mozilla CA Certificate Program's list of included root certificates is stored in a file called certdata.txt in the Mozilla source code management system.

If you are choosing a CA to provide a certificate for your website, we have a list of all root certificates that Firefox trusts for SSL/TLS, together with contact information and geographical focus for the owning CA.

If you are embedding our root store, you need to know that we have imposed some restrictions on certain CAs or certificates which are not encoded in certdata.txt. These are documented on a best-efforts basis.

CCADB Data Usage Terms

Retrieved from "https://wiki.allizom.org/index.php?title=CA/Included_Certificates&oldid=1246546"