Revision as of 17:20, 20 November 2019

Intermediate Certificates

CAs are required to provide the data for all of their publicly disclosed and audited intermediate certificates which chain up to root certificates in Mozilla's program. They do this using the CCADB.

The following reports are generated once per day and include valid intermediate certificates and expired intermediate certificates but not revoked intermediate certificates:

Intermediate CA Certificates (HTML)
Intermediate CA Certificates (CSV)
Intermediate CA Certificates (CSV with PEM of raw certificate data)
Non-revoked, non-expired Intermediate CA Certificates chaining up to roots in Mozilla's program with the Websites trust bit set (CSV with PEM of raw certificate data)
Intermediate CA Certificates with their own audit statements (HTML)
Intermediate CA Certificates with their own audit statements (CSV)

The following reports list revoked intermediate certificates:

Revoked Intermediate CA Certificates (HTML)
Revoked Intermediate CA Certificates (CSV)
Revoked Intermediate CA Certificates (CSV with PEM of raw certificate data)

The following reports list the intermediate certificates that are ready to be added to OneCRL. Some non-revoked intermediate certificates are added to OneCRL because they are not intended to be used for SSL/TLS.

Intermediate CA Certificates Ready to Add to OneCRL (HTML)
Intermediate CA Certificates Ready to Add to OneCRL (CSV with PEM of raw certificate data)

The following reports list the intermediate certificates that have been added to OneCRL, and their revocation status as indicated by the CA in the CCADB.

Intermediate CA Certificates in OneCRL (HTML)
Intermediate CA Certificates in OneCRL (CSV)

Firefox (version 37 and later) uses the OneCRL system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the intermediate certificates in the above report.

@@ Line 3: / Line 3: @@
 [[CA/Included_Certificates|CAs]] are required to provide the data for all of their [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|publicly disclosed and audited intermediate certificates]] which chain up to root certificates in Mozilla's program. They do this using the [[CA:SalesforceCommunity|CCADB]].
-The following reports are '''generated once per day''' and include valid intermediates and expired intermediates but not revoked intermediates:
+The following reports are '''generated once per day''' and include valid intermediate certificates and expired intermediate certificates but not revoked intermediate certificates:
 * [https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCerts Intermediate CA Certificates] (HTML)
@@ Line 12: / Line 12: @@
 * [https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAuditsCSV Intermediate CA Certificates with their own audit statements] (CSV)
-The following reports list revoked intermediates:
+The following reports list revoked intermediate certificates:
 * [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevoked Revoked Intermediate CA Certificates] (HTML)
@@ Line 18: / Line 18: @@
 * [https://ccadb-public.secure.force.com/mozilla/PublicIntermediateCertsRevokedWithPEMCSV Revoked Intermediate CA Certificates] (CSV with PEM of raw certificate data)
-The following reports list the intermediate certs that are ready to be added to OneCRL. Some non-revoked intermediate certs are added to OneCRL because they are not intended to be used for SSL/TLS.
+The following reports list the intermediate certificates that are ready to be added to OneCRL. Some non-revoked intermediate certificates are added to OneCRL because they are not intended to be used for SSL/TLS.
 * [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRL Intermediate CA Certificates Ready to Add to OneCRL] (HTML)
 * [https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRLPEMCSV Intermediate CA Certificates Ready to Add to OneCRL] (CSV with PEM  of raw certificate data)
-Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the revoked intermediates in the above report.
+The following reports list the intermediate certificates that have been added to OneCRL, and their revocation status as indicated by the CA in the CCADB.
+* [http://ccadb-public.force.com/mozilla/IntermediateCertsInOneCRLReport Intermediate CA Certificates in OneCRL] (HTML)
+* [http://ccadb-public.force.com/mozilla/IntermediateCertsInOneCRLReportCSV Intermediate CA Certificates in OneCRL] (CSV)
+Firefox (version 37 and later) uses the [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] system, which pushes a list of revoked certificates to the browser. It includes (or should include) all the intermediate certificates in the above report.
 * [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records OneCRL Raw Data]
-* [https://crt.sh/mozilla-onecrl OneCRL data table with links to each certificate in crt.sh and the corresponding Bugzilla bugs]
+* [https://crt.sh/mozilla-onecrl OneCRL data table with links to each certificate in crt.sh]

CA/Intermediate Certificates: Difference between revisions

Revision as of 17:20, 20 November 2019

Intermediate Certificates

Navigation menu

CA/Intermediate Certificates: Difference between revisions

Revision as of 17:20, 20 November 2019

Intermediate Certificates

Navigation menu

Search