CA/Information Checklist: Difference between revisions

CA/Information Checklist (view source)

45 bytes added , 11 February 2016

m

cleanup in Test section

Confirmed users, Administrators

5,526

edits

@@ Line 112: / Line 112: @@
 #* If requesting to enable the Websites (SSL/TLS) trust bit, then you must perform all of the following tests
 #** Revocation: Browse to http://certificate.revocationcheck.com/ and enter the Test Website URL. Make sure there are no errors listed in the output.
-#** The CA MUST check that they are not issuing certs that violate any of the [https://cabforum.org/baseline-requirements/ CA/Browser Forum Baseline Requirements] (BRs). Mozilla WILL check that the CA is not issuing certs that violate any of the BRs by:
+#** The CA MUST check that they are not issuing certificates that violate any of the [https://cabforum.org/baseline-requirements/ CA/Browser Forum Baseline Requirements] (BRs). Mozilla WILL check that the CA is not issuing certificates that violate any of the BRs by performing the following tests.
 #*** CA/Browser Forum Compliance: Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for the root certificate. Then click on the 'Search' button. Then click on the 'Run cablint' link. All errors must be resolved/fixed. Warnings should also be either resolved or explained.
 #*** Cert chain of test website: Browse to https://cert-checker.allizom.org/ and enter the test website and click on the 'Browse' button to provide the PEM file for the root certificate. Then click on 'run certlint'. All errors must be resolved/fixed. Warnings should also be either resolved or explained.