All, The CCADB update to support multiple full CRL URLs (among other items) is now complete. CA Owner access to the CCADB has been restored.
This update: - Added a new editable `JSON Array of all Full CRL URLs` field to certificate records that allows for a JSON array whose elements are the set of distinct full CRLDP URLs appearing in time-valid certificates issued by the CA. The existing `Full CRL Issued By This CA` field is now read only and automatically conveys the first URL presented in the new `JSON Array of all Full CRL URLs` field. Validation for these CRL related fields will enforce proper JSON array formatting. The ‘JSON Array of All Full CRL URLs’ field previously included the word ‘expired’ when a certificate was expired and ‘revoked’ when a certificate was revoked. However, these terms are no longer reflected. The Field Types and Valid Values <https://www.ccadb.org/cas/fields> page on ccadb.org was updated. - Updated the AddUpdateIntermediateCertAPI <https://github.com/mozilla/CCADB-Tools/tree/master/API_AddUpdateIntermediateCert> readme to support the new `JSON Array of all Full CRL URLs` field and deprecated `Full CRL Issued By This CA`. - Added new `Automation Solution Attestation` and `Public Test Infrastructure URL` fields for root certificate records; these fields can be updated via the "Add/Update Root Request" case UI. - Added an `Apple Root Program Policy Agreement` field to the Apple tab of the “Root Inclusion Request” case UI. - Introduced a short time delay when saving certificate record information to help avoid creating multiple identical Non-Audit Document records. - Updated the `Subordinate CA Owner` tooltip to align with CCADB Policy Version 2.1. During this update, values from the existing `Full CRL Issued By This CA` field were used to populate the new `JSON Array of all Full CRL URLs` field. CA Owners are responsible for maintaining the values for the `JSON Array of all Full CRL URLs` and `JSON Array of Partitioned CRL URLs` going forward. Please continue to contact CCADB Support ([email protected]) with any questions regarding the CCADB. Thank you -Chris, on behalf of the CCADB Steering Committee On Mon, Mar 16, 2026 at 1:07 PM Chris Clements <[email protected]> wrote: > All, > > On March 20, 2026, the CCADB will be updated to support multiple full CRL > URLs, among other things described in detail below. > > The CCADB will be unavailable to CA Owners from March 19, 2026, at > approximately 08:00PM PT, until March 20, 2026, at approximately 10:00AM PT. > > The new functionality should: > > - Add a new editable `JSON Array of all Full CRL URLs` field to > certificate records that allows for a JSON array whose elements are the set > of distinct full CRLDP URLs appearing in time-valid certificates issued by > the CA. The existing `Full CRL Issued By This CA` field will become read > only and will automatically convey the first URL presented in the new `JSON > Array of all Full CRL URLs` field. Validation for these CRL related fields > will enforce proper JSON array formatting. The ‘JSON Array of All Full CRL > URLs’ field previously included the word ‘expired’ when a certificate was > expired and ‘revoked’ when a certificate was revoked. However, after this > release, these terms will no longer be reflected. > - Update the AddUpdateIntermediateCertAPI to support the new `JSON > Array of all Full CRL URLs` field and depreciate `Full CRL Issued By This > CA`. > - Add new `Automation Solution Attestation` and `Public Test > Infrastructure URL` fields for root certificate records; these fields can > be updated via the "Add/Update Root Request" case UI. > - Add an `Apple Root Program Policy Agreement` field to the Apple tab > of the “Root Inclusion Request” case UI. > - Introduce a short time delay when saving certificate record > information to help avoid creating multiple identical Non-Audit Document > records. > - Update the `Subordinate CA Owner` tooltip to align with CCADB Policy > Version 2.1. > > During this update, values from the existing `Full CRL Issued By This CA` > field will populate the new `JSON Array of all Full CRL URLs` field. CA > Owners do not need to take action during the update. Once the update is > complete, CA Owners will be responsible for maintaining the values for the > `JSON Array of all Full CRL URLs` and `JSON Array of Partitioned CRL URLs`. > > We will send a copy of this message to all CA Owners in the CCADB and plan > to send another message here upon completing the update. > > Thank you > -Chris, on behalf of the CCADB Steering Committee > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mDBwc%3DBGu9uE_chkCgvU165JvxM5BagEDsGGWhdswAMGw%40mail.gmail.com.
