Confirmed users, Administrators
5,526
edits
CA/CertificatePolicyV2.1: Difference between revisions
m
→About Mozilla's CA Certificate Policy Version 2.1
| Line 11: | Line 11: | ||
Version 2.1 of [http://www.mozilla.org/projects/security/certs/policy Mozilla's CA Certificate Policy] was published on February 14, 2013. | Version 2.1 of [http://www.mozilla.org/projects/security/certs/policy Mozilla's CA Certificate Policy] was published on February 14, 2013. | ||
Certificates issued before February 15, 2013, must at least meet the requirements of [ | Certificates issued before February 15, 2013, must at least meet the requirements of [[CA:CertificatePolicyV2.0 | Version 2.0 of Mozilla's CA Certificate Policy.]] | ||
Any Certificate Authority requesting root inclusion after February 15, 2013 must comply with [http://www.mozilla.org/projects/security/certs/policy Version 2.1 of Mozilla's CA Certificate Policy.] | Any Certificate Authority requesting root inclusion after February 15, 2013 must comply with [http://www.mozilla.org/projects/security/certs/policy Version 2.1 of Mozilla's CA Certificate Policy.] | ||
| Line 20: | Line 20: | ||
[http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] adds the requirement that SSL certificate issuance also be audited according to the CA/Browser Forum's Baseline Requirements. CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014. | [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] adds the requirement that SSL certificate issuance also be audited according to the CA/Browser Forum's Baseline Requirements. CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014. | ||
Audits performed for audit periods commencing before February 15, 2013, must be performed at least according to the criteria listed in [ | Audits performed for audit periods commencing before February 15, 2013, must be performed at least according to the criteria listed in [[CA:CertificatePolicyV2.0 | Version 2.0 of Mozilla's CA Certificate Policy.]] Additionally, if SSL certificates are issued, audits performed for audit periods commencing before February 15, 2013, must also be performed according to the Baseline Requirements audit criteria (WebTrust SSL Baseline Requirements Audit Criteria V.1.1, or ETSI TS 102 042 V2.3.1 DVCP and OVCP) as to CA operations occurring on or after February 15, 2013. If the Baseline Requirements audit would only apply to 120 days or less, then a Point in Time audit may be performed. At the CA's option, the Baseline Requirements audit may cover the entire audit period. | ||
Audits performed for audit periods commencing on or after February 15, 2013, must be performed according to the criteria listed in [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] as to all CA operations during the audit period. | Audits performed for audit periods commencing on or after February 15, 2013, must be performed according to the criteria listed in [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] as to all CA operations during the audit period. | ||