Document Signing and Audits Same As Parent Handling in CCADB
Categories
(CA Program :: Common CA Database, defect)
Tracking
(Not tracked)
People
(Reporter: bwilson, Assigned: bwilson)
Details
Here is a report of the problem:
The "CA Task List" in CCADB displays Failed ALV (Audit Letter Verification) Results for technically-constrained Document Signing cross-certificates issued by multi-purpose Root Certificates. ALV/CCADB flags these cross-certificates for not being listed in the NETSEC audit report. The CCADB Certificate records had the "Audits Same As Parent?" option selected, with the parent records specifying NETSEC audit details. (But a NETSEC audit is not necessary for Document Signing.)
If, to resolve the Failed ALV Results, the "Audits Same As Parent?" option is deselected for the Certificate records, and the details of the Standard WebTrust audit are explicitly specified instead, then the "CA Task List" indicates that the "Subordinate CA Owner" field needs to be populated. But then, when viewing the Certificate records there is a message: "All provided Audits are same as parent. Please clear the Audit fields and check 'Audits Same as Parent'." (But following that advice would revert to the initial problem of Failed ALV Results.)
Comment 2 (Assignee) • 1 year ago
Our decision was to not revise the warning in the state where "Same as parent" is unchecked and the CA owner has explicitly specified the details of its Standard WebTrust audit and added its name as the CA owner of the subordinate CA certificate. The warning message is:
"All provided Audits are same as parent. Please clear the Audit fields and check 'Audits Same as Parent'." This is an acceptable approach to resolve the Failed ALV Results, even though it introduces an additional warning.