Update visibility (and possibly behavior) of Store-specific status fields on Intermediate Certificate records
Categories
(CA Program :: Common CA Database, enhancement)
Tracking
(Not tracked)
People
(Reporter: clint, Unassigned)
Details
Steps to reproduce:
Intermediate Certificate records contain status fields for each Store in the CCADB. These fields are not visible or directly editable on Intermediate Certificate records. Further, there is some logic in place to automatically set these fields. Unfortunately, currently this logic appears to default to setting the status(es) to "Not Included".
An example is https://ccadb.my.site.com/0014o00001lR4X2AAK / https://ccadb.my.salesforce.com/0014o00001lR4X2AAK, which had its "Apple_Status" field updated to "Not Included" on 8/2/2023.
While it's accurate that the Intermediate Certificate is not directly included in the trust store, because its issuer Root Certificate is, it's somewhat confusing to have the two otherwise identical statuses conflict with each other. Further, since this field is included for some Stores in the AllCertificateRecordsCSVFormat report, it causes inconsistencies in parsing and correctly interpreting the report data.
While I'm not strongly tied to any particular method of addressing these issues, I would propose a couple things:
- Display the Store-specific field in the Store-specific sections of the Intermediate Certificate record type.
- When the parent Root Certificate record has its status changed, sync that change to its Intermediate Certificate records.
-- This could potentially cause issues with cross-certified subordinate CAs, but I think it would actually be fine as this wouldn't affect the Root Certificate record(s) tied to the same keys present in the cross-certified subordinate CAs.
- Allow for Stores to set the status on Intermediate Certificate records explicitly, if, for example, a specific Intermediate Certificate is blocked or directly trusted/included by a Store.
I don't think this update is particularly urgent and could certainly be broken up into smaller tasks based on ROI for each.
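Added example, not part of the original bug report or of CCADB's own code: a consumer-side check that reads the Store status for each Intermediate Certificate row from its Root Certificate record instead of trusting the row's own field, and lists the rows where the two disagree. The CSV column names (including "Apple Status"), the record IDs and the sample rows are assumptions constructed for illustration, not the confirmed schema of the AllCertificateRecordsCSVFormat report.

```python
import csv
import io

# Constructed sample rows; the column names are assumptions, not the report's confirmed schema.
SAMPLE_CSV = """Salesforce Record ID,Parent Salesforce Record ID,Certificate Record Type,Certificate Name,Apple Status
R1,,Root Certificate,Example Root CA,Included
I1,R1,Intermediate Certificate,Example Issuing CA 1,Not Included
I2,I1,Intermediate Certificate,Example Issuing CA 2,Not Included
R2,,Root Certificate,Example Legacy Root,Not Included
I3,R2,Intermediate Certificate,Example Legacy Issuing CA,Not Included
I4,MISSING,Intermediate Certificate,Example Orphan CA,Not Included
"""

def load_records(text):
    """Index report rows by record ID."""
    return {row["Salesforce Record ID"]: row for row in csv.DictReader(io.StringIO(text))}

def root_status(records, record_id, status_col):
    """Walk parent links to the Root Certificate record and return its status.

    Returns None if the chain is broken or loops, so callers can treat the
    status as unknown instead of trusting the intermediate's own field.
    """
    seen = set()
    while record_id in records and record_id not in seen:
        seen.add(record_id)
        row = records[record_id]
        if row["Certificate Record Type"] == "Root Certificate":
            return row[status_col]
        record_id = row["Parent Salesforce Record ID"]
    return None

def conflicting_intermediates(records, status_col):
    """List (id, own status, root status) where the two disagree or the root is unknown."""
    out = []
    for rid, row in records.items():
        if row["Certificate Record Type"] != "Intermediate Certificate":
            continue
        inherited = root_status(records, rid, status_col)
        if inherited != row[status_col]:
            out.append((rid, row[status_col], inherited))
    return out

if __name__ == "__main__":
    for rid, own, inherited in conflicting_intermediates(load_records(SAMPLE_CSV), "Apple Status"):
        print(f"{rid}: record says {own!r}, root says {inherited!r}")
```

A root status of `None` means the chain could not be resolved from the report alone, which is a separate condition from "Not Included" and should be handled as unknown.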