info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Which intermediate certs to add to CA Community in Salesforce
65 views
Skip to first unread message
Kathleen Wilson
Apr 13, 2016, 5:26:07 PM4/13/16
to mozilla-dev-s...@lists.mozilla.org
All,
I added the following to
https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
~~
Intermediate certificates are considered to be technically constrained, and do not need to be added to the CA Community in Salesforce if:
- The certificate has the Extended Key Usage (EKU) extension and the EKU does not include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth
- The root certificate is not enabled with the Websites trust bit
~~
This means that CAs do not need to add intermediate certificates that have an EKU that only includes KeyPurposeIds id-kp-emailProtection or id-kp-codeSigning.
Does anyone see any problems with this?
Kathleen
I added the following to
https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
~~
Intermediate certificates are considered to be technically constrained, and do not need to be added to the CA Community in Salesforce if:
- The certificate has the Extended Key Usage (EKU) extension and the EKU does not include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth
- The root certificate is not enabled with the Websites trust bit
~~
This means that CAs do not need to add intermediate certificates that have an EKU that only includes KeyPurposeIds id-kp-emailProtection or id-kp-codeSigning.
Does anyone see any problems with this?
Kathleen
Peter Bowen
Apr 13, 2016, 9:32:34 PM4/13/16
to Kathleen Wilson, mozilla-dev-s...@lists.mozilla.org
emailProtection. This seems to make emailProtection a second class
citizen.
Thanks,
Peter
0 new messages