1231853 - Add TrustCor CA root certificates

Status: RESOLVED FIXED

(CA Program :: CA Certificate Root Program, task)

Description

[Neil Dunbar]

Attachment: CAInformationTemplate_TrustCor.pdf

CA Details
----------

CA Name: TrustCor CA
Website: http://www.trustcorsystems.com
One Paragraph Summary of CA, including the following:
TrustCor is a commercial organization, issuing S/MIME and SSL certificates to the general public. Its operations are not restricted to any particular geography.

Audit Type (WebTrust, ETSI etc.): WebTrust
Auditor: Princeton Audit Group
Auditor Website: http://princetonauditgroup.com
Audit Document URL(s): https://cert.webtrust.org/ViewSeal?id=1800

Certificate Details
-------------------
See attached PDF document for CA details

Comment 1

[Neil Dunbar]

To the best of my knowledge, all data presented in the submission is correct and complete.

Neil Dunbar,
TrustCor Systems S. de R.L.

Comment 2

[Neil Dunbar]

Attachment: Root Certificate - TrustCor ECA-1

Comment 3

[Neil Dunbar]

Attachment: Root Certificate - TrustCor CA-2

Comment 4

[Neil Dunbar]

Attachment: Root Certificate - TrustCor CA-1

Comment 5

[Neil Dunbar]

I have reviewed each certificate stored in the ticketing system as attachments and verified authenticity and completeness. I also have validated that each certificate matches the business purpose stated in TrustCor's CPS document.

Neil Dunbar
TrustCor Systems S. de R.L.

Comment 6

[Kathleen Wilson]

I am beginning the information verification as described here:
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification

Comment 7

[Kathleen Wilson]

Attachment: 1231853-CAInformation.pdf

I have entered the information for this request into Salesforce.

Please review the attached document to make sure it is accurate and complete, and comment in this bug to provide corrections and the additional requested information (search for NEED in the attached document).

Comment 8

[Erwann Abalea]

You should consider recertifying your intermediate certificates and subscriber certificates, because you inserted a wrong OID as your policyId: 1.3.6.1.4.4.44031.1.1.1 instead of 1.3.6.1.4.1.44031.1.1.1.

Comment 9

[Neil Dunbar]

Thanks for the spot. Will review and adjust the issuance profiles.

Comment 10

[Neil Dunbar]

Attachment: Update Root Certificate - TrustCor CA1

Comment 11

[Neil Dunbar]

Attachment: Updated Root Certificate - TrustCor CA-1

Comment 12

[Neil Dunbar]

Attachment: Updated Root Certificate - TrustCor CA-2

Comment 13

[Neil Dunbar]

Attachment: Updated TrustCor_ECA1.pem

Comment 14

[Neil Dunbar]

TrustCor has elected to modify its root certificates to more completely comply with the strictures of the BRs and  RFC 5280. The earlier versions of the roots included a crlDistributionPoint, which has been removed.  Further, it has reissued its subordinate CA to correct the policyID OID (thanks to Erwann Abalea of Docusign).  The only visible changes to TrustCor's root certificates are the notBefore date and deletion of the crlDistributionPoint extension.

TrustCor is working with Microsoft to update the certificates in their root store, and will publish details to CA/B Forum's public mailing list of the certificate modification details. TrustCor's updated CP and CPS documents (policyID OID correction) have been published in a new micro-release (CP 1.2.1 and CPS 1.2.2).

Please note these changes are specific to the certificate details only - the names, expiry dates and public key values remain unchanged - all signatures made prior to the reissue remain in force. Similarly, the PKI hierarchy and terms and conditions pertaining to issuance and use of TrustCor certificates remain unchanged.

For comparison, the old certificates are retained on the URI http://www.trustcor.ca/certs/pre-2016-01-reissue/ using the same hierarchy and naming structure as present with http://www.trustcor.ca/certs/

Having tested the modified root and subordinate CA certificates against the test URIs within this ticket, it is TrustCor's opinion  that we have corrected such issues as mentioned in Comment 7 above, and that the process to include the certificates is ready to proceed.  Thank you!

Comment 15

[Neil Dunbar]

I think that there was a request for a clear statement on any other unconstrained CA certificates which chain to the TrustCor root certificates.

There are no unconstrained subordinate CA certificates in circulation which chain to the three root certificates included in this ticket, other than those described in the CPS section 7.1.2.2

Comment 16

[Neil Dunbar]

Attachment: Updated WebTrust Audit (CA + BR) for 2015

CA: https://cert.webtrust.org/SealFile?seal=1966&file=pdf
BR: https://cert.webtrust.org/SealFile?seal=1965&file=pdf

Comment 17

[Kathleen Wilson]

We recently added a test to the Information Verification process, so for each of the 3 root certs please...
Browse to https://cert-checker.allizom.org/ and enter the test website and click on the 'Browse' button to provide the PEM file for the root certificate. Then click on 'run certlint'. All errors must be resolved/fixed. Warnings should also be either resolved or explained.

Comment 18

[Kathleen Wilson]

Attachment: 1231853-CAInformation.pdf

Updated CA Information document attached. Please review for accuracy, and comment in this bug to provide corrections/updates.

Comment 19

[Neil Dunbar]

Attachment: Updated Root Certificate - TrustCor CA-1

Comment 20

[Neil Dunbar]

Attachment: Updated Root Certificate - TrustCor CA-2

Comment 21

[Neil Dunbar]

Attachment: Updated Root Certificate - TrustCor ECA-1

Comment 22

[Neil Dunbar]

We have produced new versions of our root and intermediate certificates which remove all syntactic issues highlighted by the certlint tool. These new versions are uploaded as replacement attachments to this ticket.

Comment 23

[Kathleen Wilson]

Attachment: 1231853-CAInformation-Complete.pdf

Comment 24

[Kathleen Wilson]

This request has been added to the queue for public discussion.
https://wiki.mozilla.org/CA:Schedule#Queue_for_Public_Discussion
I will update this bug when I start the discussion.

Comment 25

[Neil Dunbar]

Attachment: cp-cps.zip

These CP and CPS documents replace version 1.2.0 for TrustCor Systems

Comment 26

[Neil Dunbar]

Attachment: WebTrust Audit reports for 2015 through 2016 for TrustCor

Updated WebTrust Audit (CA + BR) for 2016

CA: https://cert.webtrust.org/SealFile?seal=2169&file=pdf
BR: https://cert.webtrust.org/SealFile?seal=2163&file=pdf

Comment 27

[Neil Dunbar]

Please note that the required new audit and practice information has been uploaded to this ticket to inform the public discussion phase of this submission

Comment 28

[Kathleen Wilson]

Neil,
Please perform the BR Self Assessment, and attach the resulting BR-self-assessment document to this bug.

Note:
Current version of the BRs: https://cabforum.org/baseline-requirements-documents/
Until a version of the BRs is published that describes all of the allowed methods of domain validation, use version 1.4.1 for section 3.2.2.4 (Domain validation): https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.1.pdf

= Background = 

We are adding a BR-self-assessment step to Mozilla's root inclusion/change process.

Description of this new step is here:
https://wiki.mozilla.org/CA:BRs-Self-Assessment

It includes a link to a template for CA's BR Self Assessment, which is a Google Doc:
https://docs.google.com/spreadsheets/d/1ni41Czial_mggcax8GuCBlInCt1mNOsqbEPzftuAuNQ/edit?usp=sharing

Phase-in plan is here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/Y-PxWRCIcck/Fi9y6vOACQAJ
In particular, note:
+ For the CAs currently in the queue for discussion, I would ask them to perform this BR Self Assessment before I would start their discussion.

Comment 29

[Neil Dunbar]

Attachment: TrustCor CA's BR Self Assessment

Comment 30

[Neil Dunbar]

Thanks Kathleen,

We have uploaded our BR 1.4.4 Self Assessment.

Attachment 8860163 [details]

If we can provide additional information, please let us know.

Neil

Comment 31

[Aaron Wu]

Attachment: Information Verification Updated & Final - 20170515

Comment 32

[Aaron Wu]

Hi Neil,

BR Self Assessment has been verified and updated in Salesforce as Comment#31.

Once the public discussion starts, we will inform you and post the forum link here.

Thanks,
Aaron

Comment 33

[Aaron Wu]

Attachment: Information Verification Updated & Final - 20170517

Comment 34

[Aaron Wu]

I am now opening the public discussion period for this request from TrustCor to include their Root Certification Authority root certificate, and turn on the Websites and Email trust bits.

For a description of the public discussion phase, see https://wiki.mozilla.org/CA:How_to_apply#Public_discussion

Public discussion will be in the mozilla.dev.security.policy forum.
https://www.mozilla.org/en-US/about/forums/#dev-security-policy

The discussion thread is called "TrustCor root inclusion request".

Please actively review, respond, and contribute to the discussion.

A representative of this CA must promptly respond directly in the discussion thread to all questions that are posted.

Thanks,
Aaron

Comment 35

[Kathleen Wilson]

The public comment period for this request is now over.

This request has been evaluated as per Mozilla’s Root Store Policy at

http://www.mozilla.org/projects/security/certs/policy/

Here follows a summary of the assessment. If anyone sees any factual errors, please point them out.

I am not aware of instances where TrustCor has knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug.

CA Owner: TrustCor Systems
Geographic Focus: Canada, Global
Primary Market / Customer Base: TrustCor develops privacy protection services and issues certificates to its customers in support of such services.

* Root Certificate 1 of 3	 

Subject: CN=TrustCor RootCert CA-1, OU=TrustCor Certificate Authority, O=TrustCor Systems S. de R.L., C=PA
Trust Bits: Email; Websites
EV Policy OID: Not EV

Root Certificate Download URL: https://bugzilla.mozilla.org/attachment.cgi?id=8716896
Test Website - Valid: https://catest1.trustcor.ca/
Test Website - Expired: https://catest1-expired.trustcor.ca/
Test Website - Revoked: https://catest1-revoked.trustcor.ca/

CA Hierarchy: This root issues internally­‐operated SubCAs which issues SSL and S/MIME certificates.
Externally Operated SubCAs: This root does not and will not have any subCAs that are operated by external third parties.
Cross Signing: None. None planned

CRL URL(s): http://crl.trustcor.ca/
http://crl.trustcor.ca/root/ca1.crl
http://crl.trustcor.ca/sub/ca1-site.crl
OCSP URL(s): http://ocsp.trustcor.ca/root/ca1
http://ocsp.trustcor.ca/sub/ca1-site
Maximum expiration time of OCSP responses: 4 days

* Root Certificate 2 of 3	 

Subject: CN=TrustCor RootCert CA-2, OU=TrustCor Certificate Authority, O=TrustCor Systems S. de R.L., C=PA
Trust Bits: Email; Websites
EV Policy OID: Not EV

Root Certificate Download URL: https://bugzilla.mozilla.org/attachment.cgi?id=8716897
Test Website - Valid: https://catest2.trustcor.ca/
Test Website - Expired: https://catest2-expired.trustcor.ca/
Test Website - Revoked: https://catest2-revoked.trustcor.ca/

CA Hierarchy: This root issues internally­‐operated SubCAs which issues SSL and S/MIME certificates.
Externally Operated SubCAs: This root does not and will not have any subCAs that are operated by external third parties.
Cross Signing: None. None planned

CRL URL(s): http://crl.trustcor.ca/
http://crl.trustcor.ca/root/ca2.crl
http://crl.trustcor.ca/sub/ca2-site.crl
OCSP URL(s): http://ocsp.trustcor.ca/root/ca2
http://ocsp.trustcor.ca/sub/ca2-site
Maximum expiration time of OCSP responses: 4 days

* Root Certificate 3 of 3 

Subject: CN=TrustCor ECA-1, OU=TrustCor Certificate Authority, O=TrustCor Systems S. de R.L., C=PA
Trust Bits: Email; Websites
EV Policy OID: Not EV

Root Certificate Download URL: https://bugzilla.mozilla.org/attachment.cgi?id=8716898
Test Website - Valid: https://valid.epki.external.trustcor.ca/
Test Website - Expired: https://expired.epki.external.trustcor.ca/
Test Website - Revoked: https://revoked.epki.external.trustcor.ca/

CA Hierarchy: CPS section 1.3.1: The Enterprise Root Certificate (ECA-1) - used as the ultimate root for enterprise PKIs issuing credentials to their principals in restricted namespaces. 
TrustCor CA undertakes to ensure that all operations conducted using these certificates, including registration of entities, validation of same, issuance and revocation of certificates are performed in accordance with the strictures of this document, the governing CP. Note that Enterprise Subordinate CA certificates are still TrustCor CA certificates, and TrustCor CA is responsible for their issuance, insofar as the enterprise subscriber agreements is obeyed. TrustCor CA is responsible for revoking an enterprise subordinate CA should it discover substantive violations of its enterprise agreements.
Externally Operated SubCAs: There will be subCAs that are operated by external third parties in this CA hierarchy.
CPS section 1.3.2: External RAs are present where external Enterprise CAs have been licensed to issue name restricted TrustCor CA certificates; such RAs must adhere to the terms of registration, validation and publication as noted in this document as well as the Enterprise Subscriber Agreement between TrustCor CA and the subscribing organization. External RAs are not entitled to perform general domain or organizational validation; they are strictly limited to registration for credentials to domains and principals assigned to their specific organization.
CPS section 4.2: For Enterprise Subordinate CAs, the processing is done by the RA belonging to the enterprise subscriber, and issuance is done under the technically restricted CA software under the enterprise subscriber’s control.
Cross Signing: CPS section 3.2.6: TrustCor CA may cross-certify other CA certificates, subject to a specific agreement between TrustCor CA and another party.
The cross-signed certificates will be made available under the same terms as TrustCor CA’s own CA certificates on the repository specified in Section 2.1.

CRL URL(s): http://crl.trustcor.ca/
http://crl.trustcor.ca/root/eca1.crl
http://crl.trustcor.ca/sub/eca1-external.crl
OCSP URL(s): http://ocsp.trustcor.ca/root/eca1
http://ocsp.trustcor.ca/sub/eca1-external
Maximum expiration time of OCSP responses: 4 days


* Documents:
https://www.trustcorsystems.com/resources/
https://www.trustcorsystems.com/static/webtrust/cp.pdf
https://www.trustcorsystems.com/static/webtrust/cps.pdf
	
* BR Self Assessment: https://bugzilla.mozilla.org/attachment.cgi?id=8860163

TrustCor Systems appears to meet the minimum requirements for subscriber verification, as follows:

* SSL Verification Procedures: CPS section 3.2.2.4 provides the details for how ownership/control of the domain name to be included in certificates is perfomed. 
CP 3.2.5 Validation of authority
TrustCor CA, or any authorized external RA, must verify the evidence accompanying a certificate request according to the following certificate types:
- DV SSL Certificates - the domain name registrar must list the applicant as part of the WHOIS record; or effective control of the domain shall be demonstrated by the applicant or communication satisfying BR 3.2.2.4 shall be obtained.
- OV SSL Certificates - In addition to the communications as per DV SSL Certificates, the CA/RA must also be satisfied that such assurances as per BR 3.2.2.2 and BR 3.2.2.3 have been completed. Specifically, reliable data sources such as government registries of incorporation shall be consulted to verify that the organizational identity can be reasonably asserted in the certificate subject.
- S/MIME Certificates - the requestor must demonstrate control over receiving and sending messages from the specified email address.
- Level 2 Individual-Organizational Certificates - the CA must possess communication delivered using a reliable method that the individual has an ongoing association with the organization; and that this communication must be sourced from someone in the organization 29 with the ability to speak authoritatively for its associations (e.g. an HR representative, the signatory to a contract of employment, etc.) 

** CPS section 4.2: For Enterprise Subordinate CAs, the processing is done by the RA belonging to the enterprise subscriber, and issuance is done under the technically restricted CA software under the enterprise subscriber’s control.

** Enterprise subordinate CAs are technically constrained via Name Constraints as described in CPS section 7.1.2.2.

* EV SSL Verification Procedures: Not requesting EV treatment

* Email Verification Procedures: CPS section 3.2.2.4: For Secure Email certificates, a challenge email is sent to the mailbox requested in registration. If the mailbox owner is capable of seeing and replying to the email, whether by clicking a link contained within the challenge or returning an acceptable reply via email to the challenge, the email identity is deemed validated.
Verification codes generated uniquely per validation request and time out after a period not exceeding 7 days (although TrustCor CA may shorten that period at its discretion).

** Enterprise subordinate CAs are technically constrained via Name Constraints as described in CPS section 7.1.2.2.

* Audits
Annual audits are performed by Princeton Audit Group (PAG), according to the WebTrust criteria.
Standard Audit: https://cert.webtrust.org/SealFile?seal=2169&file=pdf
BR Audit: https://cert.webtrust.org/SealFile?seal=2163&file=pdf


Based on this assessment, I intend to approve this request to include the following root certificates:
** 'TrustCor RootCert CA-1' (Websites;Email)
** 'TrustCor RootCert CA-2' (Websites;Email)
** 'TrustCor ECA-1' (Websites;Email)

Comment 36

[Andrew]

Please recheck these links after adding this 3 TrustCor Root certs:
Valid for RootCA-1 https://catest1.trustcor.ca/ (no green SSL icon)
Expired for RootCA-1 https://catest1-expired.trustcor.ca/ (no DNS)
Revoked for RootCA-1 https://catest1-revoked.trustcor.ca/ (no DNS)
•Expired for RootCA-2 https://catest2-expired.trustcor.ca/ (no DNS)
Revoked for RootCA-2 https://catest2-revoked.trustcor.ca/ (no DNS)
•Valid for ECA-1 https://valid.epki.external.trustcor.ca/ (no green SSL icon)
Checked after adding these 3 certificates to Android OS on Google Chrome ver.55 Stable, ver.48 Stable and default Android browser from KitKat.

Comment 37

[Aaron Wu]

Thanks Andrew for your verification.

Hi Neil, as the test websites below, they all look good when I verified before public disucssion. But when re-verifying, some of sites run incorrectly now. Could you help to re-check each of those to ensure maintaining these test websites on an ongoing basis.


* Test Websites
RootCert CA-1 valid: https://catest1.trustcor.ca/ 
RootCert CA-1 revoked: https://catest1-revoked.trustcor.ca/ 
RootCert CA-1 expired: https://catest1-expired.trustcor.ca/ 

RootCert CA-2 valid: https://catest2.trustcor.ca/ 
RootCert CA-2 revoked: https://catest2-revoked.trustcor.ca/ 
RootCert CA-2 expired: https://catest2-expired.trustcor.ca/ 

ECA1-External valid: https://valid.epki.external.trustcor.ca/ 
ECA1-External revoked: https://revoked.epki.external.trustcor.ca/ 
ECA1-External expired: https://expired.epki.external.trustcor.ca/

Thanks,
Aaron

Comment 38

[Neil Dunbar]

Aaron,

Apologies for the confusion — we updated our revocation URIs at the beginning of 2017.   Note that we also discussed this issue [1] using the public forum on August 14th.

Our current CPS, v1.3.3 Section 2.2, correctly states them.  

RootCert CA-1 valid      https://catest1.trustcor.ca/
RootCert CA-1 revoked    https://catest1-revoke.trustcor.ca/
RootCert CA-1 expired    https://catest1-expire.trustcor.ca/

RootCert CA-2 valid      https://catest2.trustcor.ca/
RootCert CA-2 revoked    https://catest2-revoke.trustcor.ca/
RootCert CA-2 expired    https://catest2-expire.trustcor.ca/

ECA1-External valid      https://valid.epki.external.trustcor.ca/
ECA1-External revoked    https://revoked.epki.external.trustcor.ca/
ECA1-External expired    https://expired.epki.external.trustcor.ca/


We have confirmed we are correctly monitoring the above naming, now with 5 minute intervals.

Kind regards,

Neil


[1] https://groups.google.com/forum/#!searchin/mozilla.dev.security.policy/catest1-revoke.trustcor.ca%7Csort:relevance/mozilla.dev.security.policy/R2uG3wisU7s/xYEboxf7CAAJ

Comment 39

[Andrew]

Hello Neil,

The "valid" links for RootCA-1 and Root ECA-1 still not works. Maybe I used wrong root certs but on your website: https://www.trustcorsystems.com I find no TrustCor certs.

Thanks,
Andrew.

Comment 40

[Neil Dunbar]

Aaron, or other ticket handlers: have you been able to see the issues which Andrew is reporting? We have attempted to troubleshoot this issue but we have not been able to reproduce.  

For convenience, our root certificates are available under https://www.trustcorsystems.com/resources/. 

Regards,

Neil

Comment 41

[Aaron Wu]

Neil,

Thanks for your information update, here are the correct URIs below 

https://catest1-revoke.trustcor.ca/ 
https://catest1-expire.trustcor.ca/ 
https://catest2-revoke.trustcor.ca/ 
https://catest2-expire.trustcor.ca/ 

I've been verified all test websites, if anyone has other related question please report in this bug.


Best regards,
Aaron

Comment 42

[Andrew]

Now RootCert CA-1 valid  is OK,
RootCert CA-1 revoked: green SSL icon,
RootCert CA-1 expired is OK.

RootCert CA-2 valid is OK,
RootCert CA-2 revoked: green SSL icon,
RootCert CA-2 expired is OK.

Root ECA-1 valid: red SSL icon (incorrect),
Root ECA-1 revoked is OK,
Root ECA-1 expired is OK.

Comment 43

[Kathleen Wilson]

Andrew, thank you for bringing to our attention that we had not updated the CA's test websites in the CCADB. I have successfully tested all of these test websites using both an old and new Firefox profile, after importing the root certificate.

(In reply to Andrew from comment #42)
> Root ECA-1 valid: red SSL icon (incorrect),

After importing the certificate (https://bugzilla.mozilla.org/attachment.cgi?id=8716898), I am able to browse to this test website and get the green lock icon.

Comment 44

[Kathleen Wilson]

(In reply to Kathleen Wilson from comment #43)
> After importing the certificate
> (https://bugzilla.mozilla.org/attachment.cgi?id=8716898), I am able to
> browse to this test website and get the green lock icon.

Also successfully tested with a new profile and using https://www.trustcorsystems.com/certs/TrustCor_ECA1.pem

Comment 45

[Kathleen Wilson]

As per the summary in Comment #35, and on behalf of Mozilla I approve this request from TrustCor Systems to include the following root certificates:

** 'TrustCor RootCert CA-1' (Websites, Email)
** 'TrustCor RootCert CA-2' (Websites, Email)
** 'TrustCor ECA-1' (Websites, Email)

I will file the NSS bug for the approved changes.

Comment 46

[Kathleen Wilson]

I have filed bug #1395726 against NSS for the actual changes.

Comment 47

[Neil Dunbar]

Attachment: TrustCor CA Audit Report (2016-12 through 2017-11)

Comment 48

[Neil Dunbar]

Attachment: TrustCor SSL Audit Report (2016-12 through 2017-11)

Comment 49

[Neil Dunbar]

Attachment: TrustCor CA - Audit Report and Management Assertions (2017 - 2018)

This is the WebTrust for CAs report for TrustCor CA from Dec 1, 2017 through November 30, 2018. We will be using Bugzilla as the temporary storage point for these reports until they are hosted on cpacanada.ca's website.

Comment 50

[Neil Dunbar]

Attachment: TrustCor CA SSL Baseline - Audit Report and Management Assertions (2017 - 2018)

This is the WebTrust for CAs (SSL Baseline) report for TrustCor CA from Dec 1, 2017 through November 30, 2018. We will be using Bugzilla as the temporary storage point for these reports until they are hosted on cpacanada.ca's website.

Comment 51

[Neil Dunbar]

Attachment: TrustCor CA - Audit Report and Management Assertions (2018-2019)

This is the WebTrust for CAs report for TrustCor CA from Dec 1, 2018 through November 15, 2019. We will be using Bugzilla as the temporary storage point for these reports until they are hosted on cpacanada.ca's website.

Comment 52

[Neil Dunbar]

Attachment: TrustCor CA SSL Baseline - Audit Report and Management Assertions (2018 - 2019)

This is the WebTrust for CAs (SSL Baseline) report for TrustCor CA from Dec 1, 2018 through November 15, 2019. We will be using Bugzilla as the temporary storage point for these reports until they are hosted on cpacanada.ca's website.

Comment 53

[Neil Dunbar]

Attachment: TrustCor Preliminary Audit Report WTCA 2020

Preliminary Audit Report - not finalised

Comment 54

[Neil Dunbar]

Attachment: TrustCor SSL Report 2020.pdf

Preliminary Audit Report WT-BR-SSL - not finalised

Comment 55

[Neil Dunbar]

Attachment: Code Signing - PITRA - 2020.pdf

Code Signing PITRA 2020 - not finalised yet

Comment 56

[Neil Dunbar]

Attachment: TrustCor Code Signing PITRA - 2020.pdf

Preliminary report for TrustCor Code Signing point in time audit.

Comment 57

[Rachel McPherson]

Attachment: TrustCor-CA-Report-2021.pdf

TrustCor Preliminary Audit Report - WTCA 2021, not finalized

Comment 58

[Rachel McPherson]

Attachment: TrustCor-SSL-Report-2021.pdf

TrustCor Preliminary Audit Report - WT SSL Baseline 2021, not finalized

Comment 59

[Rachel McPherson]

Attachment: TrustCor-CS-Report-2021.pdf

TrustCor Preliminary Audit Report - WT Code Signing Baseline 2021, not finalized