m (→Terminology)
Line 72: | Line 72: | ||
#* OV: Both the Organization and the ownership/control of the Domain Name are verified. | #* OV: Both the Organization and the ownership/control of the Domain Name are verified. | ||
# Review the CP/CPS for [http://wiki.mozilla.org/CA:Problematic_Practices Potentially Problematic Practices.] Provide further info when a potentially problematic practice is found. | # Review the CP/CPS for [http://wiki.mozilla.org/CA:Problematic_Practices Potentially Problematic Practices.] Provide further info when a potentially problematic practice is found. | ||
# If the root CA audit does not include this sub-CA, then for this sub-CA provide a publishable statement or letter from an auditor that meets the requirements of sections | # If the root CA audit does not include this sub-CA, then for this sub-CA provide a publishable statement or letter from an auditor that meets the requirements of sections 9, 10, and 11 of [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html Mozilla's CA Certificate Inclusion policy.] | ||
# Provide information about the CRL update frequency for end-entity certificates. There should be a statement in the CP/CPS that the sub-CA must follow to the effect that the CRL for end-entity certs is updated whenever a cert is revoked, and at least every 24 or 36 hours. | # Provide information about the CRL update frequency for end-entity certificates. There should be a statement in the CP/CPS that the sub-CA must follow to the effect that the CRL for end-entity certs is updated whenever a cert is revoked, and at least every 24 or 36 hours. | ||
# If this sub-CA provides OCSP, then a test must be done to make sure that their OCSP responder works within the Firefox browser. Provide the url to a website whose SSL cert chains up to this sub-CA and has the AIA extension referencing the OCSP responder. The Mozilla representative will perform the following check: | # If this sub-CA provides OCSP, then a test must be done to make sure that their OCSP responder works within the Firefox browser. Provide the url to a website whose SSL cert chains up to this sub-CA and has the AIA extension referencing the OCSP responder. The Mozilla representative will perform the following check: |
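Review bot: the text added on the right-hand side of the sub-CA audit item cites "sections 9, 10, and 11" by number against an unversioned policy URL, so the reference will point at the wrong requirements if the Inclusion policy is ever renumbered. Consider stating what those sections require of the auditor alongside the numbers, or linking to a dated revision of the policy. The left-hand version stopped at "requirements of sections" with no target, so completing the sentence is the right fix. A smaller style point: the link label takes in the trailing period ("Inclusion policy.]"), which matches the Problematic Practices item above but leaves sentence punctuation inside the link.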