All,
I added the following to
https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
~~
Intermediate certificates are considered to be technically constrained, and do not need to be added to the CA Community in Salesforce if:
- The certificate has the Extended Key Usage (EKU) extension and the EKU does not include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth
- The root certificate is not enabled with the Websites trust bit
~~
This means that CAs do not need to add intermediate certificates that have an EKU that only includes KeyPurposeIds id-kp-emailProtection or id-kp-codeSigning.
Does anyone see any problems with this?
Kathleen