Common CA Database

Home | Policy | For CAs | For Root Stores | Resources

Field Types and Valid Values

This document explains how the various records and sections in the CCADB are best filled out, with some advice on how to create or obtain the data.

Policies and Practices Information

Field NameWhat to Enter
CP/CPS Same as Parent Check this box if this certificate has the same CP/CPS information as the issuing certificate (or a subset). If you check this box, then do not enter data into the other fields in this section. If you need to add data to the other fields in this section, then uncheck this box.
Policy Documentation Notes about the documentation, such as which language the documents are in, or additional documents that need to be listed.
CA Document Repository URL to the document repository pertaining to this certificate.
Certificate Policy (CP) URL to the Certificate Policy (CP) pertaining to this certificate.
Certificate Practice Statement URL to the Certificate Practice Statement (CPS) pertaining to this certificate.

Audit Information

Field NameWhat to Enter
Audits Same as Parent Check this box if this certificate has the same audit information as the issuing certificate (or a subset). If you check this box, then do not enter data into the other fields in this section. If you need to add data to the other fields in this section, then uncheck this box.
Standard Audit URL to an auditor's statement that the operation of this certificate has been audited according to one of:
  • ETSI TS 101 456 V1.4.3 or later (only applicable to non-SSL certs)
  • ETSI TS 102 042 V2.3.1 or later
  • ETSI EN 319 411-1 v1.1.1 or later
  • ETSI EN 319 411-2 v2.1.1 or later
  • WebTrust Principles and Criteria for Certification Authorities v2.0 or later
Standard Audit Type One of:
  • WebTrust
  • ETSI EN 319 411
  • ETSI TS 101 456
  • ETSI TS 102 042
Standard Audit Period For each Audit Statement provide the Audit Period Start Date and Audit Period End Date. In a period‐of‐time audit, the Audit Period is the period between the first day (start) and the last day of operations (end) covered by the auditors in their engagement. The period during which the CA issues Certificates SHALL be divided into an unbroken sequence of audit periods. An audit period MUST NOT exceed one year in duration.
Standard Audit Statement Date Date that the audit statement was signed.
BR Audit URL to a corresponding Baseline Requirements audit statement. Only required if the root certificate has the Websites trust bit enabled, and this certificate is capable of issuing SSL/TLS certificates.
BR Audit Type One of:
  • WebTrust
  • ETSI EN 319 411
  • ETSI TS 102 042
BR Audit Statement Date Date that the BR audit statement was signed.
EV Audit URL to a corresponding EV audit statement. Only required if the root certificate has EV-treatment, and this certificate is capable of issuing EV SSL/TLS certificates.
EV Audit Type One of:
  • WebTrust
  • ETSI EN 319 411
  • ETSI TS 102 042
EV Audit Statement Date Date that the EV audit statement was signed.
Auditor The Auditor's name
Auditor Website URL to the auditor's website, or a site showing their affiliation, accreditation, or qualifications
Auditor Qualifications URL to an attestation of the auditor's qualifications.
Management Assertions By The name (in English) of the organization who made the management assertions for the Standard Audit. i.e. The name of the organization that validates the data to be included in certificates signed by this issuer.


If you need help finding a suitable URL to demonstrate the qualifications of your auditor, try this list for WebTrust, or see one of these three sites for ETSI.

PEM Data

The CCADB accepts certificate information in the PEM format. PEM is a container format defined in RFCs 1421 to 1424. PEM actually means Privacy Enhanced Mail, but the container format it uses is a Base64 translation of X.509 ASN.1 keys.

Mozilla’s TLS Observatory Certificate Explainer may be used to convert a certificate in any other format into PEM, as follows:

  • Visit the Certificate Explainer.
  • In the ‘Post a certificate’ section click on the ‘Browse…’ button to select a .cer, .crt, .cert, or .pem file.
  • Check the top of the window to make sure there are no errors listed, and that the desired certificate has been found.
  • The data in the text box in the ‘Post a certificate’ section is the PEM.
  • Copy and paste the entire PEM blob, which starts with “—–BEGIN CERTIFICATE—–” and ends with “—–END CERTIFICATE—–”, into the CCADB.

Uploading Documents

Many CCADB fields require URLs to documents. In general, CP/CPS and Audit information for publicly-disclosed and audited intermediate certificates should be provided on the subordinate CA’s website, or the CA’s website. However, if for some reason this is not possible, you can use Mozilla’s Bugzilla bug-tracking system to store the documents and get a URL for use in the CCADB as follows:

  1. If you don’t already have a Bugzilla account, create one for yourself.
  2. Search to see if there is already a Bugzilla Bug for your CA that you can attach your documents to.
  3. If one does not exist for your CA, create one.
    • Enter Summary as: “Documents for <your CA’s name> intermediate certificates”
    • Enter Description as: “The purpose of this bug is to store documents related to the publicly disclosed and audited intermediate certificates chaining up to <your CA’s name> root certificates.”
  4. Attach the document to the bug using the attachment mechanism.
  5. Copy and paste the link to the attachment into the corresponding field in the CCADB.
  6. Repeat steps 4 and 5 as needed, using the same Bugzilla bug.