CA:Root Certificate Requests: Difference between revisions

From MozillaWiki

Revision as of 22:47, 28 July 2009

If you are an official representative of a Certificate Authority and you wish to apply to have your CA's root certificate(s) included in Mozilla products, follow the steps below.

Essential Steps

  1. Read through Mozilla CA certificate policy to determine if your CA is eligible and to learn all the requirements for the certificate to be included in Mozilla products.
  2. Read through the How to Apply wiki page for a full description of the phases of the inclusion process, recommended practices, and potentially problematic practices.
  3. If you don't already have an account with Mozilla's bug and enhancement request tracking system bugzilla.mozilla.org, then register for an account.
  4. Create a bug in the bug tracking system by clicking this link. Fill in the template in the textbox with the details of your CA and your root(s). There is one section requesting information about the CA itself, and one section that should be repeated for each of the Root CA certificates that you wish to have included in Mozilla products. Feel free to expand any answer area as needed.
  5. Submit your enhancement request and note the bug number.
  6. Watch your email mailbox for email from bugzilla-daemon@mozilla.org containing additional requests for information.

Manual bug entry

The link above should do all the following work for you. However, if there is some reason that you need to do it all manually, please proceed as follows.

Click this link to begin creating an enhancement request bug in the bug tracking system, requesting that your CA's root certs be added to Mozilla products.

The form for the Enhancement request should be filled out with these values:

 Reporter:       (your account email address)
 Product:        mozilla.org
 Version:        Other
 Component:      CA Certificates
 Severity:       Enhancement
 Platform:       ALL
 OS:             ALL
 Summary:        Add (your CA name) Root Certificate
 Description:    (see below)

In the Description box, copy and paste the boilerplate shown below, and then fill it in with your CA's details. There is one section below requesting information about the CA itself, and one section that should be repeated for each of the Root CA certificates that you wish to have included in Mozilla products. Feel free to expand any answer area as needed.

CA Details
----------

CA Name:     [                                                     ]

Website URL: [http://                                              ]

CA Summary: 
  [ A one Paragraph Summary of your CA,                            ]
  [ including the following:                                       ]
  [ - General nature (e.g., commercial, government,                ]
  [                   academic/research, nonprofit)                ]
  [ - Primary geographical area(s) served                          ]
  [ - Number and type of subordinate CAs                           ]

Audit Type (WebTrust, ETSI etc.):  [                               ]

Auditor:  [                                                        ]

Auditor Website URL: [http://                                      ]

Audit Document URL(s): 
  [http://                                                         ]
  [http://                                                         ]

URL of certificate hierarchy diagram (if available):
  [http://                                                         ]

Certificate Details
-------------------
(To be completed once for each root certificate; note that we only 
 include root certificates in the store, not intermediates.)
  
Certificate Name:  [ a short name, 60 characters max, no ':'       ]

Summary Paragraph:
  [ including the following:                                       ]
  [ - End entity certificate issuance policy,                      ]
  [   i.e. what you plan to do with the root                       ]

Root certificate download URL (on CA website):
  [http://                                                         ]
  [alternatively, paste a copy of the certificate in "PEM" format  ]

Certificate SHA1 Fingerprint (in hexadecimal):
  [ XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX    ]

Key size (for RSA, modulus length) in bits: [                      ]

Valid From (YYYY-MM-DD): [                                         ]
Valid To (YYYY-MM-DD):   [                                         ]

CRL HTTP URL (if any):
  [http://                                                         ]

CRL issuing frequency for subordinate CA certificates: [      days ]
CRL issuing frequency for subordinate EE certificates: [      days ]

OCSP responder URL (if any):
  [http://                                                         ]

Class: [domain-validated, identity/organizationally-validated or EV ]

Certificate Policy URL:
  [http://                                                         ]

CPS URL:
  [http://                                                         ]

Requested Trust Indicators: [ email and/or SSL and/or code signing ]

URL of a sample website using a certificate chained to this root 
(if applying for SSL):
  [https://                                                        ]
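
A pre-submission check for one filled-in "Certificate Details" section, added here as an example and not part of the Mozilla template or tooling. It computes the SHA1 fingerprint in the form's spaced-hex layout from the certificate's DER bytes and checks the constraints the template states; the dictionary keys, function names and sample values are assumptions made for this illustration.

```python
import hashlib
import re
import ssl
from datetime import date

TRUST_BITS = {"email", "ssl", "code signing"}  # the three indicators the form names

def sha1_fingerprint(der: bytes) -> str:
    """SHA-1 of the DER encoding as 20 space-separated hex bytes, the form's layout."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_from_pem(pem: str) -> str:
    """Hash the decoded DER bytes, never the PEM text itself."""
    return sha1_fingerprint(ssl.PEM_cert_to_DER_cert(pem))

def _ymd(value: str):
    """Parse a strict YYYY-MM-DD date; return None when it is malformed or impossible."""
    try:
        return date.fromisoformat(value) if re.fullmatch(r"\d{4}-\d{2}-\d{2}", value) else None
    except ValueError:
        return None

def check_certificate_details(f: dict) -> list:
    """Return the names of the fields that break a rule stated in the template."""
    problems = []
    name = f.get("Certificate Name", "")
    if not 0 < len(name) <= 60 or ":" in name:          # 60 characters max, no ':'
        problems.append("Certificate Name")
    if not re.fullmatch(r"[0-9A-Fa-f]{2}( [0-9A-Fa-f]{2}){19}", f.get("SHA1 Fingerprint", "")):
        problems.append("SHA1 Fingerprint")             # exactly 20 hex bytes
    if not f.get("Key size", "").isdigit():             # a number of bits
        problems.append("Key size")
    start, end = _ymd(f.get("Valid From", "")), _ymd(f.get("Valid To", ""))
    if start is None or end is None or start >= end:
        problems.append("Validity dates")
    trust = {t.strip().lower() for t in f.get("Requested Trust Indicators", "").split(",")}
    if not trust <= TRUST_BITS:
        problems.append("Requested Trust Indicators")
    if "ssl" in trust and not f.get("Sample website URL", "").startswith("https://"):
        problems.append("Sample website URL")           # required when applying for SSL
    return problems

# Constructed sample answers (not a real CA or certificate).
SAMPLE = {
    "Certificate Name": "Example Root CA", "SHA1 Fingerprint": sha1_fingerprint(b""),
    "Key size": "2048", "Valid From": "2009-01-01", "Valid To": "2029-01-01",
    "Requested Trust Indicators": "email, ssl", "Sample website URL": "https://www.example.com/",
}
```

Comparing the output of `fingerprint_from_pem` on the downloaded root against the value typed into the bug catches a fingerprint copied from the wrong certificate before a reviewer has to.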