Open Bug 1778589 Opened 2 years ago Updated 1 year ago

In Add/Update Root Request Cases prevent CAs from adding intermediate certs as root certs

Categories

(CA Program :: Common CA Database, task)

Product:
CA Program
Component:
Common CA Database
Type:
task

Tracking

(Not tracked)

People

(Reporter: kathleen.a.wilson, Unassigned)

References

Details

When CAs add new certificates in Add/Update Root Request Cases, corresponding root certificate records get created. The problem arises when a CA mistakenly adds intermediate certificates to their request -- those intermediate certificates get added as root certificates.

Please add a check that the certificate's Subject == Issuer before creating a corresponding root certificate record.

If the certificate's Subject != Issuer, then display a warning that says

Please only add root certificates in your Root Inclusion Case.
After you have added your root certificates, you may directly add intermediate certificates as described in https://www.ccadb.org/cas/intermediates

In the warning pop-up provide buttons: 'Add Cert as Trust Anchor' and 'Go Back'.
('Add Cert as Trust Anchor' means to proceed anyways.)

Depends on: 1737866
Depends on: 1791425
No longer depends on: 1737866
Summary: In Root Inclusion Cases prevent CAs from adding intermediate certs as root certs → In Add/Update Root Request Cases prevent CAs from adding intermediate certs as root certs
Product: NSS → CA Program
Priority: P2 → --
Whiteboard: [ccadb-enhancement]
You need to log in before you can comment on or make changes to this bug.