Hi Peter,

Here is the wiki reference that states which Intermediate CAs should be
included in Salesforce:

https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F

I think Kathleen has captured all cases and the instructions are clear.
It should also be straightforward to script and get a perfect match of
what should be included in Salesforce.


Best regards,
Dimitris.



On 28/4/2016 7:25 AM, Peter Bowen wrote:
> Here is a Google Spreadsheet without the subordinates that have EKU
> restrictions.  I didn't match to SalesForce, so most of these are
> probably already in there.
>
> https://docs.google.com/spreadsheets/d/14lO33nW-tTN86Vq_urmI6IAIWRPZgd1KKfzvrLk5TZQ/edit?usp=sharing
>
> On Wed, Apr 27, 2016 at 6:11 PM, Wayne Thayer <[email protected]> wrote:
>> My understanding is that CAs are not to add CAs with an EKU extension that 
>> doesn't include anyEKU or serverAuth, but this list appears to include those?
>>
>> Thanks,
>>
>> Wayne
>>
>>> -----Original Message-----
>>> From: dev-security-policy [mailto:dev-security-policy-
>>> [email protected]] On Behalf Of Richard
>>> Barnes
>>> Sent: Wednesday, April 27, 2016 5:16 PM
>>> To: [email protected]
>>> Cc: Zakir Durumeric <[email protected]>
>>> Subject: Undisclosed CA certificates
>>>
>>> Dear CAs,
>>>
>>> As you guys are working toward the June 30 deadline for disclosing
>>> intermediate certificates in SalesForce, I thought I would share some notes
>>> on the undisclosed certificates that we're seeing, so that you can make sure
>>> you get them all uploaded.
>>>
>>> Zakir Durumeric from UMich/Censys.io has helpfully compiled a list of CA
>>> certificates that have been observed in Censys scans of the Internet, and
>>> noted which of those certificates are not in SalesForce so far.
>>>
>>> I've posted the list here for your reference:
>>> https://gist.github.com/bifurcation/bf994d9fc3753f78472da8233da1fe52
>>>
>>> Note that this list is static, so if you add a certificate to SalesForce, it won't
>>> instantly disappear from this list.  But we'll try to update it every so often as
>>> we approach June 30, and will notify this list when we do.
>>>
>>> Cheers,
>>> --Richard
>>> _______________________________________________
>>> dev-security-policy mailing list
>>> [email protected]
>>> https://lists.mozilla.org/listinfo/dev-security-policy

