All,

We recently added two tests that CAs must perform and resolve errors for
when they are requesting to enable the Websites trust bit for their root
certificate.

Test 1) Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for
the root certificate. Then click on the 'Search' button. Then click on
the 'Run cablint' link. All errors must be resolved/fixed.

Test 2) Browse to https://cert-checker.allizom.org/ and enter the test
website and click on the 'Browse' button to provide the PEM file for the
root certificate. Then click on 'run certlint'. All errors must be
resolved/fixed.

I added these to item #15 of
https://wiki.mozilla.org/CA:Information_checklist#Technical_information_about_each_root_certificate

This has sparked some discussions in Bugzilla Bugs that I think we
should move here to mozilla.dev.security.policy so that everyone may
benefit from the resulting decisions.

So, if you have feedback or questions about these new tests, please add
them here.

Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy