Confirm
610
edits
Changes
Create initial page
=== CA Recommended Practices ===
This page contains a draft set of recommended practices for CAs wishing to have their root CA certificates included in Mozilla products. In some cases these practices are specified or implied by the [http://www.mozilla.org/projects/security/certs/policy Mozilla CA certificate policy], and are mandatory for a CA to have its root certificate(s) included. In other cases the recommended practices are not mandatory per policy, but will help speed up a CA's application for inclusion and maximize the chances of its application being approved.
Recommended practices:
* CAs should supply a complete Certification Practice Statement (CPS) containing sufficient information to determine whether and how the CA complies with the Mozilla policy requirements.
** The CPS should be publicly available from the CA's official web site.
** The format of the CPS document should be PDF or another suitable format for reading documents. CAs should ''not'' use Microsoft Word or other formats intended primarily for editable documents.
** The CPS should be available in an English version.
* CAs should supply evidence of their being evaluated according to one or more of the criteria accepted as suitable per the Mozilla policy.
** All documents supplied as evidence should be publicly available.
** Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site.)
This page contains a draft set of recommended practices for CAs wishing to have their root CA certificates included in Mozilla products. In some cases these practices are specified or implied by the [http://www.mozilla.org/projects/security/certs/policy Mozilla CA certificate policy], and are mandatory for a CA to have its root certificate(s) included. In other cases the recommended practices are not mandatory per policy, but will help speed up a CA's application for inclusion and maximize the chances of its application being approved.
Recommended practices:
* CAs should supply a complete Certification Practice Statement (CPS) containing sufficient information to determine whether and how the CA complies with the Mozilla policy requirements.
** The CPS should be publicly available from the CA's official web site.
** The format of the CPS document should be PDF or another suitable format for reading documents. CAs should ''not'' use Microsoft Word or other formats intended primarily for editable documents.
** The CPS should be available in an English version.
* CAs should supply evidence of their being evaluated according to one or more of the criteria accepted as suitable per the Mozilla policy.
** All documents supplied as evidence should be publicly available.
** Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site.)
