All,

We have added Audit Archiving to the Common CA Database (a.k.a. CA Community in Salesforce).

https://wiki.mozilla.org/CA:SalesforceCommunity#Audit_Archive

~~
As of December 13, 2016, audit statements for root certificates in the Common CA Database are archived. The CCADB will regularly run a program to determine which audit statement links have been updated, and download the pdf file as a permanent record.
~~
See wiki page for details
~~

Currently audit archiving is only for root certificate records. (I do plan on adding this to intermediate cert records in the future -- it's on my to-do list...)

Here is a pageshot of the failed attempts to archive audit statements:
https://pageshot.net/2yamFdLdegHH3CEu/na17.salesforce.com

There are two problems that need to be solved:

1) Salesforce (in cloud) is using the default Java root store, which is smaller than Mozilla's root store. This accounts for the "sun.security.validator.ValidatorException: PKIX path building failed:" errors. We're not yet sure how to tell the Java program in the Salesforce cloud to use a different root store, so please point me in the right direction if any of you have dealt with this before.

2) The webtrust.org site is still using TLSv1.0, and Salesforce now requires TLSv1.1 or higher. We have implemented a work-around that will fail in March. Hopefully the webtrust.org site will be upgraded before then.

I think the rest of the errors are just data that needs to be fixed -- the audit archive program needs the URLs to point to pdf files. I should be able to resolve the data problems within the next week or so.

Kathleen

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

