Request to Include certSIGN Root CA G2 certificate

Wed, 06 May 2020 17:00:19 -0700 

This request is for inclusion of the certSIGN Root CA G2 certificate and to
turn on the Websites trust bit and for EV treatment.


The request is documented in Bugzilla and in the CCADB as follows:

https://bugzilla.mozilla.org/show_bug.cgi?id=1403453

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000403

(Summary of info gathered and verified, URLs for test websites, etc.)



* certSIGN’s BR Self Assessment is here:

https://bugzilla.mozilla.org/attachment.cgi?id=9052673

The Certsign document repository can be found here:

https://www.certsign.ro/en/certsign-documents/policies-procedures

* Root Certificate Locations:

http://crl.certsign.ro/certsign-rootg2.crt

http://registru.certsign.ro/certcrl/certsign-rootg2.crt

http://www.certsign.ro/certcrl/certsign-rootg2.crt

https://crt.sh/?q=657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305

https://censys.io/certificates/657cfe2fa73faa38462571f332a2363a46fce7020951710702cdfbb6eeda3305/pem


* EV Policy OID:   2.23.140.1.1

* CRL URL: http://crl.certsign.ro/certsign-rootg2.crl

* OCSP URL: http://ocsp.certsign.ro



* Audit: See https://bugzilla.mozilla.org/attachment.cgi?id=9142635 (
http://lsti-certification.fr/images/LSTI_Audit_Atttestation_Letter_1612-163_V10_Certsign_S.pdf)
which shows that a recent annual audit was performed on the certSIGN Root
CA G2 by LSTI Group according to ETSI EN 319 411-2, V2.2.2 (2018-04)”,
“ETSI EN 319 411-1, V1.2.2 (2018-04)” and “ETSI EN 319 401, V2.2.1
(2018-04)” as well as the CA/Browser Forum’s “EV SSL Certificate
Guidelines, version 1.7.1” and “Baseline Requirements, version 1.6.7”
considering the requirements of the “ETSI EN 319 403, V2.2.2 (2015-08)” for
the Trust Service Provider Conformity Assessment.


* CP/CPS Review

Ryan Sleevi conducted a preliminary review the PKI Disclosure Statement and
CPS - https://bugzilla.mozilla.org/show_bug.cgi?id=1403453#c13

I followed up, and now Comment #24 in Bugzilla shows the latest responses
from Certsign - https://bugzilla.mozilla.org/show_bug.cgi?id=1403453#c24



This begins the 3-week comment period for this request.

I will greatly appreciate your thoughtful and constructive feedback on the
acceptance of this root into the Mozilla CA program.

Thanks,
Ben
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to