January 2020 CA Communication

ACTION 3: Include EKUs in All End-entity Certificates

Beginning on 1-July, 2020, section 5.2 of Mozilla's Root Store Policy states that new end-entity certificates MUST include an EKU extension containing KeyPurposeId(s) describing the intended usage(s) of the certificate, and the EKU extension MUST NOT contain the KeyPurposeId anyExtendedKeyUsage.
CA Owner | ACTION 3 Response | ACTION 3 COMMENTS | ACTION 3 DATE
AC Camerfirma, S.A. | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Actalis | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Amazon Trust Services | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Asseco Data Systems S.A. (previously Unizeto Certum) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Atos | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Autoridad de Certificacion Firmaprofesional | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | | 2017 Nov 21
Buypass | All end-entity certificates that we issue or have issued after [date] are within the scope of Mozilla’s policy currently comply with this requirement (select date below) | We have issued two (non TLS) certificates without EKU after 1 February 2019 on a customer's request. | 2019 Feb 1
Certisign Certificadora Digital | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
China Financial Certification Authority (CFCA) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Chunghwa Telecom | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
ComSign | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
Cybertrust Japan / JCSI | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
D-TRUST | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
DarkMatter LLC | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | Already complies |
Deutsche Telekom Security GmbH | All end-entity certificates that we issue or have issued after [date] are within the scope of Mozilla’s policy currently comply with this requirement (select date below) | | 2020 Jan 31
Dhimyotis / Certigna | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
DigiCert | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | External Subordinate CA end-entity certificates (issued by their CAs) will comply by 1-July-2020 |
Disig, a.s. | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
E-Tugra | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Entrust | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
GlobalSign nv-sa | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
GoDaddy | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Google Trust Services LLC | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Government of Hong Kong (SAR), Hongkong Post, Certizen | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Government of Taiwan, Government Root Certification Authority (GRCA) | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
Government of The Netherlands, PKIoverheid (Logius) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
HARICA | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
IdenTrust Services, LLC | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
Internet Security Research Group | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Izenpe S.A. | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Krajowa Izba Rozliczeniowa S.A. (KIR) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
LuxTrust | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Microsec Ltd. | All end-entity certificates that we issue or have issued after [date] are within the scope of Mozilla’s policy currently comply with this requirement (select date below) | | 2019 Dec 12
Microsoft Corporation | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
NETLOCK Kft. | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
OISTE | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
QuoVadis | All end-entity certificates that we issue or have issued after [date] are within the scope of Mozilla’s policy currently comply with this requirement (select date below) | QuoVadis has no end entity certificates with anyExtendedKeyUsage. A small number of end entity certificates remain with no EKU. These will expire or be revoked well in advance of July 1, 2020. | 2018 Jun 28
SECOM Trust Systems CO., LTD. | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
SK ID Solutions AS | Other (please describe below) | Please note that SK has terminated issuance of TLS Server Certificates as of 1. September 2017 and therefore we are unable to meet this requirement. |
SSL.com | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Sectigo | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
SecureTrust | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Shanghai Electronic Certification Authority Co., Ltd. | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
SwissSign AG | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | |
Swisscom (Switzerland) Ltd | Other (please describe below) | Swisscom Certificates are not in the root store any more. Nevertheless we received the "Mozilla CA Communication: Action requested by January 31, 2020" mail from Wayne. Was this an error or is there something additional Swisscom needs to do in order not to receive the root store communications? |
Taiwan-CA Inc. (TWCA) | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Telia Company | All end-entity certificates that we issue on or after July 1, 2020 and are within the scope of Mozilla’s policy will comply with this requirement | We did a full scan of all our publicly trusted Client certificates. We found one seldom used sub-process that still was generating empty EKUs to our client certificates. That will be fixed before June. | 2020 Jun 30
TrustCor Systems | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
Trustis | Other (please describe below) | End-entity certificate issuance under the current service has been discontinued therefore no new certificates will be issued after 1st July, 2020. Please Note: No certificate has been issued since 2nd January 2018 and no further Certificates will be issued until the service is terminated following the expiration of the last certificate (2nd January 2021). |
Web.com | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
certSIGN | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |
eMudhra Technologies Limited | All unexpired, non-revoked end-entity certificates that we issue or have issued and are within the scope of Mozilla’s policy currently comply with this requirement | |