November 2017 CA Communication

ACTION 2: Ensure that your non-technically-constrained** intermediate certificates are disclosed in the CCADB within one week of certificate creation, and before any such subordinate CA is allowed to issue certificates, as described in Mozilla's Root Store Policy. ** Please see ACTION 1 regarding the change in what it means for a certificate to be technically-constrained. Any new intermediate certificate that is not added to the CCADB within the required time frame could be added to OneCRL. We would like to remind CAs that Mozilla's Root Store Policy says: "CAs SHOULD NOT assume that trust is transferable." And it is Mozilla's expectation that CAs will not be issuing many externally-operated non-technically-constrained intermediate certificates. We intend to update Mozilla's Root Store Policy to require CAs to notify Mozilla of all new externally-operated non-technically-constrained subordinate CAs before issuing such certificates. Discussion about this change will happen in the mozilla.dev.security.policy forum. Please confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
ACTION 2 COMMENTS Use this space to express concern or qualifications about Mozilla's requirement on disclosure of intermediate certificates.

CA Owner Response Response
AC Camerfirma, S.A. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Actalis Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Amazon Trust Services Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Asseco Data Systems S.A. (previously Unizeto Certum) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Atos Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Autoridad de Certificacion Firmaprofesional Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. All intermediate CAs externally-operated are either technically-constrained, audited, revoked or in the OneCRL
Buypass Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Certicámara Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We are waiting for the inclusion of the new root CA certificate, and it's associated intermediate hierarchy, that were issued because the change to SHA256.
Certinomis / Docapost Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
China Financial Certification Authority (CFCA) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Chunghwa Telecom Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
ComSign Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. All intermediate CAs issuing certificates are audited.
Cybertrust Japan / JCSI Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
D-TRUST Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We recommend to define best practises for issuing test certificates.
Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Dhimyotis / Certigna Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
DigiCert Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Disig, a.s. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
DocuSign (OpenTrust/Keynectis) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
E-Tugra Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
EDICOM Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Entrust Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. No comments.
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We have added all ourintermediate certificates to the CCADB.
GlobalSign Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
GoDaddy Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Google Trust Services LLC (GTS) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of Hong Kong (SAR), Hongkong Post, Certizen Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of Taiwan, Government Root Certification Authority (GRCA) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of The Netherlands, PKIoverheid (Logius) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
HARICA Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
IdenTrust Services, LLC Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Internet Security Research Group (ISRG) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Izenpe S.A. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Krajowa Izba Rozliczeniowa S.A. (KIR) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
LuxTrust Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Microsec Ltd. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We set up a new - ECC based - CA hierarchy with a new root and several intermediate CA-s this year. This new CA hierarchy is in the scope of our last ETSI audit. The inclusion of our new root to the Mozilla root program will be asked in Q1 2018. The intermediate CA-s under the new root will be registered in the CCADB after the inclusion of our new root. All other intermediate CA-s are already registered in CCADB.
NetLock Ltd. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. All the missing info was updated, we will keep our mind on this point specially in the future.
OISTE Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We didn't issue until now any externally-operated non-technically-constrained CAs. Existing intermediary certificates disclosed in the CCADB reflect the current situation, except for two WISeKey owned and operated CAs that are affected by the new policy for S/MIME capable CAs, which will be disclosed and audited, or revoked.
QuoVadis Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
SECOM Trust Systems CO., LTD. Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
SK ID Solutions AS Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
SSL.com Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Sectigo Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
SecureTrust Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
SwissSign AG Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Swisscom (Switzerland) Ltd Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. Swisscom does not issue externally-operated CAs.
T-Systems International GmbH (Deutsche Telekom) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Taiwan-CA Inc. (TWCA) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Telia Company (formerly TeliaSonera) Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
TrustCor Systems Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Trustis Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. We do not support cross certification of other intermediate CAs or externally operated intermediate CAs. The Issuing CA supports issuance of SSL/TLS certificates only and does not permit issuance of Intermediate certificates. Thus no issuing CAs signed by the FPS Root exist other than that disclosed.
TurkTrust Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Visa Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.
Web.com Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates. The "Network Solutions RSA Certificate Authority" (https://crt.sh/?caid=43342) and "Network Solutions ECC Certificate Authority" (https://crt.sh/?caid=43341) roots are currently trusted by the Microsoft Root Program as of January 2017. We are aware that Microsoft uses the CCADB and as a result, there should now exist CCADB records for the 2 roots mentioned above. Therefore, we now disclose the 6 intermediates to the CCADB.
certSIGN Check here to confirm that your CA understands the above listed requirements for disclosure of intermediate certificates.