Field Types and Valid Values
This document explains how the various records and sections in the CCADB are best filled out, with some advice on how to create or obtain the data.
Policies and Practices Information
|Field Name||What to Enter|
|CP/CPS Same as Parent||Check this box if this certificate has the same CP/CPS information as the issuing certificate (or a subset). If you check this box, then do not enter data into the other fields in this section. If you need to add data to the other fields in this section, then uncheck this box.|
|Policy Documentation||Notes about the documentation, such as which language the documents are in, or additional documents that need to be listed.|
|CA Document Repository||URL to the document repository pertaining to this certificate.|
|Certificate Policy (CP)||URL to the Certificate Policy (CP) pertaining to this certificate.|
|Certificate Practice Statement||URL to the Certificate Practice Statement (CPS) pertaining to this certificate.|
|Field Name||What to Enter|
|Audits Same as Parent||Check this box if this certificate has the same audit information as the issuing certificate (or a subset). If you check this box, then do not enter data into the other fields in this section. If you need to add data to the other fields in this section, then uncheck this box.|
|Standard Audit||URL to an auditor's statement that the operation of this certificate has been audited according to one of:|
|Standard Audit Type||One of:|
|Standard Audit Period||For each Audit Statement provide the Audit Period Start Date and Audit Period End Date. In a period‐of‐time audit, the Audit Period is the period between the first day (start) and the last day of operations (end) covered by the auditors in their engagement. The period during which the CA issues Certificates SHALL be divided into an unbroken sequence of audit periods. An audit period MUST NOT exceed one year in duration.|
|Standard Audit Statement Date||Date that the audit statement was signed.|
|BR Audit||URL to a corresponding Baseline Requirements audit statement. Only required if the root certificate has the Websites trust bit enabled, and this certificate is capable of issuing SSL/TLS certificates.|
|BR Audit Type||One of:|
|BR Audit Statement Date||Date that the BR audit statement was signed.|
|EV Audit||URL to a corresponding EV audit statement. Only required if the root certificate has EV-treatment, and this certificate is capable of issuing EV SSL/TLS certificates.|
|EV Audit Type||One of:|
|EV Audit Statement Date||Date that the EV audit statement was signed.|
|Auditor||The Auditor's name|
|Auditor Website||URL to the auditor's website, or a site showing their affiliation, accreditation, or qualifications|
|Auditor Qualifications||URL to an attestation of the auditor's qualifications.|
|Management Assertions By||The name (in English) of the organization that made the management assertions for the Standard Audit, i.e., the name of the organization that validates the data to be included in certificates signed by this issuer.|
The CCADB accepts certificate information in PEM format. PEM is a container format defined in RFCs 1421 to 1424. The name stands for Privacy Enhanced Mail, but the container format it uses is a Base64 encoding of X.509 ASN.1 data such as certificates and keys.
Mozilla’s TLS Observatory Certificate Explainer may be used to convert a certificate in any other format into PEM, as follows:
- Visit the Certificate Explainer.
- In the ‘Post a certificate’ section click on the ‘Browse…’ button to select a .cer, .crt, .cert, or .pem file.
- Check the top of the window to make sure there are no errors listed, and that the desired certificate has been found.
- The data in the text box in the ‘Post a certificate’ section is the PEM.
- Copy and paste the entire PEM blob, which starts with “-----BEGIN CERTIFICATE-----” and ends with “-----END CERTIFICATE-----”, into the CCADB.
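
A local equivalent of the conversion above, as an added example (not CCADB or Mozilla code): it accepts DER or PEM bytes and returns one normalized PEM block, rejecting mangled markers, invalid Base64 and truncated data. It checks only the outer ASN.1 framing, not the certificate's contents; `to_pem`, `check_der` and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def check_der(der: bytes) -> bytes:
    """Check the outer framing only: one ASN.1 SEQUENCE spanning every byte."""
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("data is not a DER-encoded SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length, n length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: truncated or trailing bytes")
    return der


def to_pem(data: bytes) -> str:
    """Return one normalized PEM certificate block from DER or PEM input."""
    blocks = PEM_RE.findall(data.decode("latin-1"))
    if len(blocks) > 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    if blocks:                              # PEM: drop whitespace, decode body
        try:
            der = base64.b64decode("".join(blocks[0].split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"invalid Base64 in PEM body: {exc}") from None
        check_der(der)
    else:                                   # no intact markers: treat as DER
        der = check_der(data)
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


# Constructed sample: a 260-byte SEQUENCE of zeros, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(to_pem(SAMPLE_DER), end="")
```

Markers whose hyphens were replaced by typographic dashes during copy and paste are not recognized as PEM and the input is rejected.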
Many CCADB fields require URLs to documents. In general, CP/CPS and Audit information for publicly-disclosed and audited intermediate certificates should be provided on the subordinate CA’s website, or the CA’s website. However, if for some reason this is not possible, you can use Mozilla’s Bugzilla bug-tracking system to store the documents and get a URL for use in the CCADB as follows:
1. If you don’t already have a Bugzilla account, create one for yourself.
2. Search to see if there is already a Bugzilla Bug for your CA that you can attach your documents to.
3. If one does not exist for your CA, create one.
   - Enter Summary as: “Documents for <your CA’s name> intermediate certificates”
   - Enter Description as: “The purpose of this bug is to store documents related to the publicly disclosed and audited intermediate certificates chaining up to <your CA’s name> root certificates.”
4. Attach the document to the bug using the attachment mechanism.
5. Copy and paste the link to the attachment into the corresponding field in the CCADB.
6. Repeat steps 4 and 5 as needed, using the same Bugzilla bug.