CCADB Update: Derived Trust Bits on Intermediate Cert Records

[Kathleen Wilson]

All,

Some changes have happened in regards to how the "Derived Trust Bits" and "EV SSL Capable" fields are filled in for intermediate certificate records in the CCADB:

1. The logic for these fields now considers the root store settings of Apple (this is new), Microsoft, and Mozilla.
   
2. The fields now get updated if needed when a related field is changed – a trigger causes an asynchronous process to run. (previously done via a batch process that was scheduled to run at certain times)
3. Some bugs in the logic have been resolved.
   

See https://www.ccadb.org/cas/fields#formula-fields for information about these fields. They are now used in the CA Task List reports on CA home pages, and are also used in determining the information that CCADB sends to Audit Letter Validation (ALV).

Please let me know if you notice any problems with the values of these fields for your CA's intermediate certificates.

Thanks,

Kathleen