Notes from the CCADB Steering Committee meeting on January 13, 2022...
- For root store home pages, create a new tab called “CA Task Lists” to contain the new reports that are currently underneath the “Root Store Task List”.
- For all of the new reports:
- On each of the new reports, add a filter to allow users to filter on Root Store. For example, when “Apple” is selected, only show the results for which the Root Certificate Status contains “Apple: Included”
- Add indications to the header text bullet points to distinguish between the AND & OR filters
- Enable sort by clicking on an any column headings in the reports
- Change “Certs” to “Certificates” in the report headings/names
- For report: Root Certificates with Outdated Audit Statements
- Add a column named “Audit Case” which contains a link to the open Audit Case associated with the root certificate, if there is one.
- For these reports: Intermediate Certificates with Outdated Audit Statements, Intermediate Certificates with Missing Information, and Intermediate Certificates with Failed ALV Results
- Remove “Technically Constrained” filters, and update the header text bullet points to remove “Technically Constrained is FALSE”
- Add a column for Technically Constrained (it should be after Derived Trust Bits)
- Add a filter to allow users to filter on Derived Trust Bits. For example, when “Server Authentication” is selected, only show the results for which the Derived Trust Bits contains Server Authentication.
- For report: Intermediate Certificates with Failed ALV Results
- The ALV results did not get copied from production into Sandbox for many of the intermediate certificates.
- Compare the Intermediate Certs - Failed ALV Results For Standard and BR report in production with this report, and take a look at the intermediate certificate records that are giving different results
- Can resolve by running ALV over intermediate certs in sandbox that are missing the ALV results. (we can test the ALV comments in sandbox by adding our own)
- The dates in the Audit Statement Dates column should come from wherever the audit statement is found (e.g. may be found higher up in the certificate chain)
== Email ==
We would like to replace all of the separate audit reminder emails with one monthly email from the CCADB.
To start with, the email will look like:
TO: <Primary POC>
CC: <POCs, only if Alias1 and Alias2 null> and <Alias1 & Alias2>
If the two audit statement reports are non-zero, then "CCADB: Overdue Audit Statements"
Otherwise "CCADB: Items Need Your Attention"
You have the following items that need to be resolved in the CCADB. Please login to the CCADB to see the full list on your home page.
- Root Certificates with Outdated Audit Statements (5)
- Intermediate Certificates with Outdated Audit Statements (2)
- Intermediate Certificates with Missing Information (0)
- Intermediate Certificates with Failed ALV Results (6)
- Intermediate Certificates with Missing Full CRL (145)
Instructions may be found at www.ccadb.org/cas.
If you need help, contact firstname.lastname@example.org or the appropriate root store email address that is listed on your CCADB home page.
Then we’ll request feedback from CAs and may add more information to the emails later.