How to submit WebTrust audits in CCADB

Thu, 09 Aug 2018 16:20:02 -0700 

All,
In their effort to better protect WebTrust seals, CPA Canada has made it so we can no longer access WebTrust pdf files directly from the CCADB. 

I received the following response when inquiring about this.
“”
Thank you for contacting Chartered Professional Accountants of Canada.

You can no longer link directly to PDF documents. You will need to go to 
the registered website where the seal is provided and click on the seal 
to obtain the document (e.g. audit report).
Also, we are now enforcing the domain requirement when a seal is opened. 
 Domain enforcement is essential to the program to prevent fraudulent 
use. It ensures that the WebTrust seals will only function on the 
certificate authority’s websites.
If a seal is opened from a non-registered domain or other source (e.g. 
email, internal lists, etc.) the seal will not load and will display a 
notice indicating that the domain is not valid.

“”


Therefore, for the foreseeable future, please do the following when 
creating an Audit Case in the CCADB for WebTrust audits.



1) Make the PDFs of the audit statements available directly on your CA's 
website.

OR
Upload your audit statement PDF files to Bugzilla, as described here:
https://ccadb.org/cas/fields#uploading-documents


2) For the audit statement link in your CCADB Audit Case either provide 
the URL to the PDF on your CA's website, or use the link to the document 
in Bugzilla.



3) Add a Audit Case Comment to indicate the URL where the WebTrust seals 
may be found on your CA’s website.



4) When you run the Audit Letter Validation (ALV), you can ignore the 
“Cleaned=Fail” ALV result. I will check the seal on your website 
manually, and add a comment to the Audit Case.




Also, the cert.webtrust.org audit links that are currently in the root 
cert records and the intermediate cert records in the CCADB no longer 
work either. Fortunately we started archiving audit statements this 
year. So you can scroll down to the “File Archive…” section of the 
record, and you will be able to find the stored audit pdfs.


Thanks,
Kathleen


_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy






















					Reply via email to