ACCV (Autoritat de Certificacio de la Comunitat Valenciana) is
a CA operated by the government of the Valencia region of Spain.
Seguridad y Sistemas de Informacion S.L.
Informe de Auditoria Independiente
CRL
http://ocsp.pki.gva.es/
DV, IV
Declaracion de Practicas de Certificacion (CPS) de la ACCV, v1.7 in Spanish
Certification policies and practices for the different types of certs (Spanish)
http://bugzilla.mozilla.org/show_bug.cgi?id=274100
Korea Information Security Agency (KISA) is the
Electronic Signature Authorization Management Center for South
Korea. The Korean Certification Authority Central (KCAC) of KISA
issues certificates to six (6) intermediate CAs ("licensed CAs"
or LCAs), which then issue end entity certificates to Korean
citizens, businesses, and other organizations.
Ministry of Information and Communication, Republic of Korea
Public statement by MIC re KISA/KCAC audit
Certificates are issued from this root only to KISA's 6
LCAs (Licensed CAs), not directly to end entities. Note that
this root is apparently being phased out in favor of the KISA
RootCA 1.
CRL
DV and IV
CPS 1.1 (English)
CPS 1.3 (Korean)
Certificate issuing procedure (Korean)
Web Server Security, Code-Signing, Secure E-mail Certificates Issuance Administration Guideline (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=335197
Certificates are issued from this root only to KISA's 6
LCAs (Licensed CAs), not directly to end entities. Note that
this root CA is replacing CertRSA01.
CRL
DV and IV
CPS 1.1 (English)
CPS 1.3 (Korean)
Certificate issuing procedure
Web Server Security, Code-Signing, Secure E-mail Certificates Issuance Administration Guideline (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=335197
Certificates are issued from this root only to KISA's 6
LCAs (Licensed CAs), not directly to end entities.
CRL
DV and IV
CPS 1.1 (English)
CPS 1.3 (Korean)
Certificate issuing procedure
Web Server Security, Code-Signing, Secure E-mail Certificates Issuance Administration Guideline (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=335197
Deutscher Sparkassen Verlag GmbH is the world's largest
smartcard provider and the central certification service
provider for all German savings banks. This CA exists to enable
up to 40 million German customers (end-users) to use their
banking card as a certificate based signature, encryption and
authentication device.
TÜV-IT
ETSI TS 101.456 Certificate
TÜV-IT
ETSI TS 102.042 Certificate
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
The Telekom-Control Commission is the Austrian supervisory authority for electronic signatures. Its
responsibility includes supervision of all certification service providers
established in Austria. For every CA key used by an
Austrian certification service provider, the TKK issues a certificate to the
certification service provider. Based on these certificates, all certificates
issued by supervised Austrian certification service providers can be verified.
There are five subordinate CAs, each of which issues certificates for a different purpose.
Secure Information Technology Center - Austria
Conformity Assessment Statement
The TKK issues certificates to certification service providers who are
supervised according to the Austrian Electronic Signatures Act.
The corresponding private keys of certification service
providers are used for issuing certificates to end entities (signatories).
CRL
OV
Certificate
Policy
Certificate
Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=373174
CRL doesn't work in Firefox - bug 133191.
VeriSign is a major commercial CA with worldwide
operations and customer base.
KPMG
Audit
Report and Management's Assertions
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects. VeriSign is not yet
actively issuing certificates from this root, so they have not
yet published a CRL. All subordinated CAs for this root will
be internally operated.
CRL
OV
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
https://bugzilla.mozilla.org/show_bug.cgi?id=409235
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects.
CRL
OV
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
https://bugzilla.mozilla.org/show_bug.cgi?id=484901
This root CA (also known as PCA1-G1-SHA1) has Signature Algorithm SHA-1 With RSA Encryption.
This root will supersede the PCA1-G1 root that is already included in NSS, which has
Signature Algorithm MD2 With RSA Encryption.
CRL
http://evintl-ocsp.verisign.com/
DV
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
https://bugzilla.mozilla.org/show_bug.cgi?id=490895
This root CA (also known as PCA2-G1-SHA1) has Signature Algorithm SHA-1 With RSA Encryption.
This root will supersede the PCA2-G1 root that is already included in NSS, which has
Signature Algorithm MD2 With RSA Encryption.
CRL
http://evintl-ocsp.verisign.com/
IV/OV
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
https://bugzilla.mozilla.org/show_bug.cgi?id=490895
This root CA (also known as PCA3-G1-SHA1) has Signature Algorithm SHA-1 With RSA Encryption.
This root will supersede the PCA3-G1 root that is already included in NSS, which has
Signature Algorithm MD2 With RSA Encryption.
The PCA3-G1 roots participate in the cross-signing scheme by which EV certs issued
under the VeriSign Class 3 Public Primary Certification Authority - G5 hierarchy may
chain up to existing VeriSign roots.
CRL
http://evintl-ocsp.verisign.com/
OV, EV (policy OID 2.16.840.1.113733.1.7.23.6)
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
https://bugzilla.mozilla.org/show_bug.cgi?id=490895
a.trust is an accredited Trust Center in
Austria issuing smartcard-based qualified certificates for Austrian citizens,
to be used in eGovernment, etc.
The intermediate CAs below this CA issue only qualified smartCard-based certificates
to a natural person after a face-to-face identification.
CRL
http://ocsp.a-trust.at/ocsp
IV
Full list of CPs
Full list of CPSes
https://bugzilla.mozilla.org/show_bug.cgi?id=373746
The intermediate CAs below this CA issue qualified smartCard-based certificates to a natural person after a face-to-face identification,
smartCard-based certificates to a natural person after a face-to-face identification (eg.: email), and
server certificates (eg. SSL) after domain-verification.
CRL
http://ocsp.a-trust.at/ocsp
DV, IV
Full list of CPs
Full list of CPSes
https://bugzilla.mozilla.org/show_bug.cgi?id=373746
Presumably the sub-CA for which they have given a CP/CPS is only signed by one of these four...
The intermediate CAs below this CA issue smartCard-based certificates to a natural person after a face-to-face identification (eg.: email),
software certificates (pKCS#12), and
server certificates (eg. SSL) after domain-verification
CRL
http://ocsp.a-trust.at/ocsp
DV, IV
Full list of CPs
Full list of CPSes
https://bugzilla.mozilla.org/show_bug.cgi?id=373746
The intermediate CAs below this CA issue smartCard-based certificates to a natural person after a face-to-face identification (eg.: email),
software certificates (pKCS#12), and
server certificates (eg. SSL) after domain-verification
CRL
http://ocsp.a-trust.at/ocsp
DV, IV
Full list of CPs
Full list of CPSes
https://bugzilla.mozilla.org/show_bug.cgi?id=373746
ARGE DATEN, the Austrian Society for Data Protection is a non-profit
non-governmental organisation. It is the Austrian market leader
in issuing certificates for eBilling. It operates subordinate CAs for eBilling,
SSL Server Certificates, SSL Client Certificates, and members of
governmental institutions.
This root certificate issues both end-user certificates and CA certificates.
It is the current root certificate of ARGE DATEN.
CRL
http://ocsp.a-cert.at
IV
A-CERT Certificate Policy v1.5
https://bugzilla.mozilla.org/show_bug.cgi?id=348987
This root certificate will not directly issue end-user certificates. It is used
to issue the subordinate CA certificates which in turn issue the end-user
certificates. This certificate is the
successor to the A-CERT ADVANCED root certificate.
CRL
http://ocsp.a-cert.at
IV
GLOBALTRUST Certificate Policy v1.2
https://bugzilla.mozilla.org/show_bug.cgi?id=348987
Trustis is a commercial CA operating primarily in the UK and Europe.
KPMG
Audit
Report and Management Assertions
tScheme
tScheme Grant of Approval
CRL
IV
Trustis FPS Root CP v1.04
PKI Disclosure Statement v1.04
Trustis CPS v1.1
https://bugzilla.mozilla.org/show_bug.cgi?id=324126
Kamu Sertifikasyon Merkezi is the one government CA in Turkey
that has authorization to issue certificates to
government entities. They are also authorised to issue to commercial companies.
Turkish Information and Communications Technologies Authority (ICTA)
ICTA statement of ETSI compliance
CRL
http://ocsp.kamusm.gov.tr
DV, IV
CP
CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=381974
https://bugzilla.mozilla.org/show_bug.cgi?id=499705
Izenpe is owned by the government of the Basque country, Spain.
BSI Management Systems
ETSI Certificate
This is the original root, which is still needed. This root has four
internally-operated subordinate CAs. There are two sub-CAs for Qualified
certificates, one for Public Administration, and one for Citizens and Entities.
There are also two sub-CAs for non-Qualified certificates, one for Public
Administration and one for Citizens and Entities, which issue SSL Server,
Email, and Code Signing certs.
CRL
http://ocsp.izenpe.com:8094
OV
CA Hierarchy
Links to CPS in Spanish, Basque, and English
CPS in English
Declaration of Practices for each type of certificate (Spanish and Basque)
https://bugzilla.mozilla.org/show_bug.cgi?id=361957
This is the new root, signed with SHA1.
This root has five internally-operated subordinate CAs.
One sub-CA issues EV SSL certs. Two of the sub-CAs are for Qualified certificates,
one for Public Administration, and one for Citizens and Entities. There are also
two sub-CAs for non-Qualified certificates, one for Public Administration and one
for Citizens and Entities, which issue SSL Server, Email, and Code Signing certs.
CRL
http://ocsp.izenpe.com:8094
OV, EV (Policy OID 1.3.6.1.4.1.14777.6.1.1)
CA Hierarchy
Links to CPS in Spanish, Basque, and English
CPS in English
Declaration of Practices for each type of certificate (Spanish and Basque)
https://bugzilla.mozilla.org/show_bug.cgi?id=361957
This is the new root, signed with SHA-256.
This root has five internally-operated subordinate CAs.
One sub-CA issues EV SSL certs. Two of the sub-CAs are for Qualified certificates,
one for Public Administration, and one for Citizens and Entities. There are also
two sub-CAs for non-Qualified certificates, one for Public Administration and one
for Citizens and Entities, which issue SSL Server, Email, and Code Signing certs.
CRL
http://ocsp.izenpe.com:8094
OV, EV (Policy OID 1.3.6.1.4.1.14777.6.1.1)
CA Hierarchy
Links to CPS in Spanish, Basque, and English
CPS in English
Declaration of Practices for each type of certificate (Spanish and Basque)
https://bugzilla.mozilla.org/show_bug.cgi?id=361957
TC TrustCenter GmbH is a commercial company based in Germany,
with customers in all major regions of the world. TC TrustCenter
offers a variety of products and services including SSL Server
certificates and Email certificates.
TÜV-IT Germany
ETSI TS 102.042 LCP Certificate
This root has four internally-operated subordinate CAs which issue
certificates for email and SSL client authentication.
This root also has an externally-operated sub-CA which is used to issue
certificates to company internal email users.
There are many customers who are using certificates chained to this
root for secure email with Thunderbird.
CRL
http://ocsp.tcclass1.trustcenter.de/
Hierarchy Diagram
TC TrustCenter GmbH Certification Practice Statement (CPS)
TC TrustCenter Certificate Policy Definitions (CPD)
TC TrustCenter CA Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=392024
This root will not be approved for inclusion.
This EV Root is being used to issue all types of certificates,
e.g. Email Security,SSL-Client-Authentication, SSL-Server, CodeSigning.
CRL
http://ocsp.tcclass4-ii.trustcenter.de
EV (policy OID 1.2.276.0.44.1.1.1.4)
Hierarchy Diagram
TC TrustCenter GmbH Certification Practice Statement (CPS)
TC TrustCenter Certificate Policy Definitions (CPD)
TC TrustCenter CA Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=436467
This Root is being used to issue all types of certificates,
e.g. Email Security, SSL-Client-Authentication, SSL-Server, CodeSigning.
CRL
http://ocsp.tcuniversal-ii.trustcenter.de
OV
Hierarchy Diagram
TC TrustCenter GmbH Certification Practice Statement (CPS)
TC TrustCenter Certificate Policy Definitions (CPD)
TC TrustCenter CA Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=392024
This root was postponed. A new bug will need to be created when ready to submit an inclusion request for this root.
QuoVadis is a commercial CA, based in Bermuda and
operating globally. QuoVadis is a Qualified Certification
Services Provider in Switzerland.
Ernst & Young
(Technology and Security Risk Services)
Audit
Report and Management's Assertions
KPMG
Swiss
Accreditation Service statement
Ernst & Young
CA-supplied
auditor's letter re WebTrust EV audit
This root will be used for SSL/device certificates,
including standard "organisation validated" certificates as well
as EV certificates. The associated EV policy OID is
1.3.6.1.4.1.8024.0.2.100.1.2.
CRL
http://ocsp.quovadisglobal.com/
OV, EV
QuoVadis
Root CA2 CP/CPS v1.8
https://bugzilla.mozilla.org/show_bug.cgi?id=403665
https://bugzilla.mozilla.org/show_bug.cgi?id=418701
Note that this root CA certificate is already included
in the Mozilla list (per bug 365281). The present request is to
enable this CA certificate for EV.
DigiCert is a US-based commercial CA with headquarters in Lindon, UT. DigiCert
provides digital certification and identity assurance services internationally
to a variety of sectors including business, education, and government.
KPMG
Audit Report and Management's Assertions
KPMG
Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria
CRL
http://ocsp.digicert.com
OV, EV (policy OID 2.16.840.1.114412.2.1)
DigiCert Certificate Policy and Certification Practice Statement (CP and CPS for OV), v3.0.6
DigiCert Certification Practice Statement for Extended Validation Certificates (CPS for EV), v1.0.1
https://bugzilla.mozilla.org/show_bug.cgi?id=403644
https://bugzilla.mozilla.org/show_bug.cgi?id=416827
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Comodo CA Ltd is a commercial CA based in the UK and
serving customers worldwide. Comodo has eleven root CA certs
already included in Mozilla, all of which it would like upgraded
for EV use, and one additional EV root requested for
inclusion. There are altogether 124 subordinate CAs signed by
the root CAs listed below. Some of them exist to differentiate
between different Comodo brands or products and some are used to
re-brand products for its partners. In each case Comodo retains
the private key for the subordinate CA within its
infrastructure.
KPMG
Audit Report and Management's Assertions
KPMG
Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV and code signing.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
Comodo Extended Validation (EV) Certification Practice Statement, Version 1.03
December Addendum to the Comodo Certification Practice Statement v.3.0 (28 November 2007)
Essential SSL addendum to the Certification Practice Statement (1 February 2007)
Positive SSL addendum to the Certification Practice Statement (23 June 2006)
LiteSSL addendum to the Certification Practice Statement (3 February 2005)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV and to enable all trust bits if not already
enabled.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
Comodo Extended Validation (EV) Certification Practice Statement, Version 1.03
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV, code signing, and email.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV, email, and code signing.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
Comodo Extended Validation (EV) Certification Practice Statement, Version 1.03
December Addendum to the Comodo Certification Practice Statement v.3.0 (28 November 2007)
Essential SSL addendum to the Certification Practice Statement (1 February 2007)
Positive SSL addendum to the Certification Practice Statement (23 June 2006)
LiteSSL addendum to the Certification Practice Statement (3 February 2005)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV, email, and code signing.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV, SSL, and email.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Comodo Certification Practice Statement, Version 3.0
November 2007 Addendum to the Comodo Certification Practice Statement v.3.0 (31 October 2007)
August 2007 Intel Pro SSL Addendum to the Comodo Certification Practice Statement v.3.0 (17 August 2007)
March 2007 Unified Communications Addendum to the Comodo Certification Practice Statement v.3.0 (1 March 2007)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Root CA certificate with subordinate CAs issuing SSL
certificates (DV, OV and EV), email certificates, and code
signing certificates.
CRL
http://ocsp.comodoca.com/
DV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
Note that this root CA certificate is already included
in the Mozilla list. The present request is to enable this CA
certificate for EV.
Cisco is a leading provider of networking equipment to
consumers and businesses worldwide.
PricewaterhouseCoopers
Audit Report and Management Assertions
This is an off-line root CA that issues CA certificates
to one or more Cisco-controlled subordinate CAs (including the
Cisco Manufacturing Sub-CA). The subordinate CAs in turn issue
end entity certificates, e.g., for use in Cisco network
equipment with embedded web servers and web-based
administrative interfaces.
CRL
IV/OV
Cisco Root CA 2048
Certification Practice Statement, Version 1.1
Cisco Root CA 2048 Certificate Policy, Version 1.0
https://bugzilla.mozilla.org/show_bug.cgi?id=416842
Verizon Business Security Solutions Powered by Cybertrust
operates a commercial certificate authority service for
businesses and governments internationally.
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
The request is to enable EV for this GTE CyberTrust Global Root
certificate, which is already included in NSS. This is presently
Cybertrust's mainstream root, issuing their standard
validation SSL server certificates, user authentication and
secure email certificates, and code signing certificates. This
root has existing subordinate CAs that are operated both
internally and by third-parties. The sub-CAs are required to
follow the CPS and to have regular audits. This CA will be
superseded by the Baltimore CybertTrust Root.
CRL
OV, EV (policy OID 1.3.6.1.4.1.6334.1.100.1)
Cybertrust CA Certificate Policy
Certification Practice Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=430694
During the public discussion it was decided that this root should not be enabled for EV. Therefore, the bug has been closed as won't fix.
The request is to enable EV and add the Code Signing trust bit
for the Baltimore CyberTrust Root certificate, which is already included
in NSS. This root will supersede Cybertrust's current
mainstream root, GTE CyberTrust Global Root. When that
happens, this root will have subordinate CAs that are operated
both internally and by third-parties. The sub-CAs are required
to follow the CPS and to have regular audits.
CRL
OV, EV (policy OID 1.3.6.1.4.1.6334.1.100.1)
Cybertrust CA Certificate Policy
Certification Practice Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=430698
SSC, Skaitmeninio Sertifkavimo Centras, is the Lithuanian Government accredited commercial CA issuing certificates to Government institutions, public services, businesses and citizens.
Information Society Development Committee Under The Government Of The Republic Of Lithuania
Statement of Compliance with ETSI TS 101.456
Lithuanian Government Qualified Certificate Service Provider
Root CA with four internally operated subordinate CAs: Class 1, Class 2, Qualified Class 3, and Qualified Class 3 VS.
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
This Root CA is a special purpose CA that has no subordinate CAs.
Root B is used for single-root certificates (SSL, Code Signing,
OCSP, time stamping).
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
Root C serves as a backup CA for Roots A and B. Just in case either
of those two roots become unusable and become revoked. According to
the government project that SSC is involved in, Root C will have to
be tested in a specific project where they must demonstrate availability
of its CRL and OCSP services. The project will accept Root C only if it
is a FireFox built-in object. If Root A does get revoked and Root C gets
put into service, then Root C will have four internally operated subordinate
CAs: Class 1, Class 2, Qualified Class 3, and Qualified Class 3 VS.
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
Sociedad Cameral de Certificación Digital - Certicámara S.A. is a
commercial CA primarily serving Colombia and Andean Region
Deloitte and Touche
Audit Report and Management's Assertions
This is the orginal root which expires in 2011. Certicámara
requests that this root also be added to the NSS database
because they have a significant number of customers that use it,
and their certificates expire in 2010. End entity certificates
have been issued directly from this root, rather than using an
offline root and issuing certs through a subordinate CA.
CRL
OV
Certificate Hierarchy
Certificate Policy
Declaration of Practices
http://bugzilla.mozilla.org/show_bug.cgi?id=401262
This root will not be approved for inclusion.
GeoTrust is a commercial CA with worldwide operations and
customer base; it is a subsidiary of VeriSign, Inc.
KPMG
Audit
Report and Management's Assertions
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects. GeoTrust is not yet
actively issuing certificates from this root, so they have not
yet published a CRL. All subordinated CAs for this root will
be internally operated.
CRL
OV
GeoTrust Certification Practice Statement, Version 1.1.1
Other documents
https://bugzilla.mozilla.org/show_bug.cgi?id=409236
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects.
CRL
OV
GeoTrust Certification Practice Statement, Version 1.1.1
Other documents
https://bugzilla.mozilla.org/show_bug.cgi?id=484899
thawte is a commercial CA with worldwide operations and
customer base; it is a subsidiary of VeriSign, Inc.
KPMG
Audit
Report and Management's Assertions
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects. thawte is not yet
actively issuing certificates from this root, so they have not
yet published a CRL. All subordinated CAs for this root will
be internally operated.
CRL
OV
thawte Certification Practice Statement, Version 3.7.1
https://bugzilla.mozilla.org/show_bug.cgi?id=409237
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects.
CRL
OV
thawte Certification Practice Statement, Version 3.7.1
https://bugzilla.mozilla.org/show_bug.cgi?id=484903
ICP Brasil (Infra-Estrutura de Chaves Públicas Brasileira)
is Brazil's National PKI created by the law Medida
Provisória nº 2.200-2 / 2001.
ICP Certificates are used in all secure Brazilian government
sites, other Brazilian sites and by financial institutions.
ICP-Brazil has the only (V0 and V1) chain operated by the ITI.
ICP-Brasil Management Committee
Audit Committee Aproval
Root cert used to secure Brazilian government and financial sites.
This root has 8 subordinate CAs that are externally operated.
CRL
Unkown
Subordinate CA Hierarchy
Audit Hierarchy
Companies operating the subordinate CAs
ICP-Brasil Certificate Practices
AC-Raiz Certificate Practices
https://bugzilla.mozilla.org/show_bug.cgi?id=438825
This is the next version of the Autoridade Certificadora
Raiz Brasileira root, which is used to secure Brazilian
government and financial sites.
CRL
Unkown
Subordinate CA Hierarchy
Audit Hierarchy
Companies operating the subordinate CAs
ICP-Brasil Certificate Practices
AC-Raiz Certificate Practices
https://bugzilla.mozilla.org/show_bug.cgi?id=438825
E-TUGRA is the EBG Informatics Technologies and Services Corporation.
E-TUGRA is a privately held CA operating in Ankara, Turkey, with customers
from all geographic areas within Turkey. E-TUGRA has been certified as one
of the four authorized CAs that issues qualified certificates as well as
SSL and other types of certificates to public in Turkey.
Turkish Information and Communications Technologies Authority (ICTA)
ICTA statement of ETSI compliance
From this root CA E-TUGRA has issued two internally-operated subordinate
CAs. The Qualified Certificate (QC) subordinate CA issues certificates
for Digital Signing and Non-Repudiation (document and email signing).
The Non Qualified Certificate (NQC) subordinate CA (EBG Web Sunucu
Sertifika Hizmet Sağlayıcısı) issues certificates for SSL, email
encryption, and code signing.
CRL
http://ocsp.e-tugra.com/status/
OV
Non Qualified (NQC) CP/CPS in English
Qualified (QC) CP/CPS in English
https://bugzilla.mozilla.org/show_bug.cgi?id=443653
AC Camerfirma S.A. is a commercial CA issuing certificates for companies
primarily in Spain. Camerfirma is the digital certification authority for
Chambers of Commerce in Spain.
Ernst and Young
Audit Report and Management's Assertions
This CA has four internally-operated subordinate CAs that issue certificates
for Spanish companies and representatives. Chambers of Commerce act as RAs
for end user registration.
CRL
http://ocsp.camerfirma.com
OV
Certificate Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=406968
This CA has internally-operated subordinate CAs that issue certificates for
general use globally. Other companies act as RAs for end user registration.
CRL
http://ocsp.camerfirma.com
OV
Certificate Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=406968
Hongkong Post is a government agency and is a recognized CA under
the law of Hong Kong Special Administrative Region (HKSAR) of China,
and has been issuing digital certificates under the e_Cert brand name
to individuals and organizations of HKSAR since January 2000.
Hongkong Post CA operations have been outsourced to E-Mice Solutions.
This is documented in the CPS and the Management Assertions.
The WebTrust audit covers both Hongkong Post and E-Mice CA operations.
PricewaterhouseCoopers
Audit Report and Management Assertions
This root has only one direct subordinate, Hongkong Post e-Cert CA 1,
which is the signer key and is used to issue different types of recognized
e-Certs to individuals and organizations.
CRL
OV
Certificate Practice Statement for e-Certs
https://bugzilla.mozilla.org/show_bug.cgi?id=408949
File NSS bug after the CRL issues have all been resolved.
SK (Certification Centre, legal name AS Sertifitseerimiskeskus) is a
commercial CA, covering the Baltic region (Estonia, Lithuania, Latvia).
SK is Estonia's primary certification authority, providing certificates
for authentication and digital signing to Estonian ID Cards. Established in
2001, SK has the backing of Estonian and Nordic financial and telecom sector.
SK’s customers include the Estonian court system and notaries, Central Bank
and commercial banks, and enforcement organisations (e.g. Police).
KPMG Estonia
Audit Report
This root issues three types of internally operated subordinate CAs.
The first type of subordinate CA is used to issue electronic ID cards
which contain certificates for digital signature and for digital
identification.
The second type of subordinate CA is used to issue internal ID cards
of the Republic of Estonia.
The third type of subordinate CA is used to issue device and SSL certificates.
CRL
http://ocsp.sk.ee
OV
Certificate Hierarchy Diagram
Certificate Practice statement
EID-SK Certificate Policy
ESTEID-SK Certificate Policy
KLASS3-SK Certificate Policy
https://bugzilla.mozilla.org/show_bug.cgi?id=414520
Latvijas Pasts (Latvian Post) is a commercial CA operating primarily in
Latvia, targeting also Estonia and Lithuania. Latvian Post provides
certificate services to banks and postal services to the legal entities
and private individuals of the Republic of Latvia. Their accreditation
certification services include electronic signature certificates that are
issued according with local legislations (Electronic Document Law), smart
cards with two certificates (authentication and qualified signature) used
for authentication and document signing in Latvia, and SSL certificates
and Code Signing certificates for customers in European Union.
KPMG Latvia
Accreditation Certificate by Data State Inspection
This root CA issues an intermediate Policy CA, which issues the
Issuing CAs for Certificate Service Providers (CSPs).
CRL
http://ocsp.e-me.lv/responder.eme
OV
Certificate Status Check Tool
Download links for the root and intermediate CAs
Certificate Policy of the Certification Service Providers
Certificate Practice Statement of the Root CA
Certificate Practice Statement of the Policy CA
Certificate Practice Statment of the Issuing CAs of the Certification Service Providers
Certificate Practice Statement of the Infrastructure Certificates
Time-Stamp Policy
Time Stamp Authority Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=412747
Fábrica Nacional de Moneda y Timbre (FNMT) is a government agency that
provides services to Spain as a national CA.
BSI Management Systems B.V
Auditor Statement of ETSI Compliance
This root has no subordinate CAs and is 1024 bit.
CRL
http://apus.cert.fnmt.es/appsUsuario/ocsp/OcspResponder
OV
Certificate Policy
https://bugzilla.mozilla.org/show_bug.cgi?id=435736
TURKTRUST Information Security Services Inc. is a public corporation and
is an IT company based in Turkey.
TURKTRUST is an authorized qualified electronic certificate service provider
according to the Turkish Electronic Signature Law. TURKTRUST issues qualified
certificates, time-stamping services, SSL certificates, and object signing certificates.
Turkish Telecommunications Authority
Letter of Official CA Statement
List of accredited CAs
Audit statement on auditor website
This is an offline root with one internally-operated subordinate CA that
issues qualified electronic certificates in accordance with
Turkish Electronic Signature Law.
CRL
http://ocsp.turktrust.com.tr
OV
Certification Practice Statement
Certificate Hierarchy
https://bugzilla.mozilla.org/show_bug.cgi?id=433845
Chunghwa Telecom (CHT) chiefly provides telecommunication and information-related
services. A public corporation, CHT is the largest integrated telecommunication
operator in Taiwan.
Sun Rise CPA Firm of DFK International
Audit Report and Management's Assertions
This is the eCA root, which has two subordinate CAs: CHTCA and Public CA.
The CHTCA is the internal CA of Chunghwa Telecom (CHT) which signs certificates
for CHT employees. The Public CA signs certificates for CHT clients.
CRL
DV, OV
CHT Certificate Repository
ePKI CP
eCA CPS
Public CA CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=448794
https://bugzilla.mozilla.org/show_bug.cgi?id=496193
In the eCA CPS the term cross-certificate means a certificate used to establish
a trust relationship between two CAs. Within the ePKI the cross-certificate is
intended to mean subordinate CA. All subordinate CAs are operated by the Data
Communication Business Group, which is a division of Chunghwa Telecom.
Swiss BIT is also known as the Federal Office of Information Technology and
Telecommunication (FOITT) which operates servers and software applications for the
Confederation (one of the biggest employers in Switzerland) and third parties. The
FOITT also operates a carrier network for the Federal administration and organisations
close to the administration. Various, partly encrypted, virtual private networks (VPN)
are operated on this carrier network. Overall the FOITT serves 1200 locations in
Switzerland and 200 locations worldwide. The FOITT is also responsible for networking
the Swiss cantons and the Principality of Liechtenstein.
KPMG SA Switzerland
Audit Report and Management's Assertions
This root has three internally-operated subordinate CAs, with two currently in
operation. The sub-CAs issue certificates for hardware tokens to be used 1) for
identification, digital signatures, encryption, and authentication of individuals
2) for qualified digital signatures. The hardware tokens are issued to employees
of an administrative unit (federal, cantonal or municipal administration) who
already have their information published in Swiss BIT's Admin-Directory.
CRL
http://ocsp.pki.admin.ch
DV, OV
Admin PKI Repository
Hierarchy Diagram
CPS for AdminPKI - ClassA (AdminCA-A-T01 sub-CA)
CPS for AdminPKI-Class B (Admin-CA2 and Admin-CA3 sub-CAs)
https://bugzilla.mozilla.org/show_bug.cgi?id=435026
This root does not have subordinate CAs. It issues end-entity certificates directly
for users/organizations and devices/servers for identification, digital signatures,
encryption, code/document signing, webserver authentication (SSL), and application
server authentication. These certificates may be applied for by members of an
administrative unit (federal, cantonal or municipal administration) that have concluded
a framework agreement and SLA with Swiss BIT.
CRL
http://ocsp.pki.admin.ch
DV, OV
Admin PKI Repository
Hierarchy Diagram
AdminPKI CP/CPS Class CD-T01 (English)
Process Description for Provisioning Server certificates (German)
https://bugzilla.mozilla.org/show_bug.cgi?id=435026
Disig is a public Certification Service Provider, located in Slovakia.
Disig is a member of international ASSECO Group, one of the strongest
software houses in the CEE region. Asseco is a leader in selected IT
segments in countries across Central and Eastern Europe.
Independent Team of Auditors managed by Mr. Jan Cesnak
Audit Report Statement
This root has no subordinate CAs, issuing end-entity certs
for SSL, email, and code signing directly.
CRL
OV
Certificate Policy in English
Certificate Policy in Slovak
Disig Certification Authority Website
https://bugzilla.mozilla.org/show_bug.cgi?id=455878
Staat der Nederlanden is the Netherlands national government CA. The Dutch
governmental PKI hierarchy consists of 2 roots. This first root, Staat der
Nederlanden Root CA, is already included in NSS. The second root is the
next generation, Staat der Nederlanden Root CA – G2.
KPMG
Audit Report and Management Asserstions
This is the next generation of the Staat der Nederlandend Root CA that
is currently in the Mozilla store. The PKIoverheid issues two internally
operated subordinate CAs, which issue subordinate CAs to CSPs. The CSPs
are commercial and governmental organizations. Each CSP has to prove that
it complies with ETSI TS 101 456 and the Dutch law on electronic signatures.
CSPs must conclude a contract with a representative of a government
organization or commercial company before issuing end-entity certificates.
A request for a certificate is always signed by a specified representative
of a government organization or commercial company.
CRL
OV
Description of PKI Overheid
Certification Practice Statement of the Policy Authority PKI Overheid
Certificate Policy Part 3a for employees of governmental organizations or commercial companies
Certificate Policy Part 3b for SSL services of governmental organizations or commercial companies
Certificate Policy Part 3c for personal use of civilians
https://bugzilla.mozilla.org/show_bug.cgi?id=436056
Serasa has 5 CAs under ICP-Brasil and 4 CAs not linked to ICP-Brasil.
This request is in regards to the CAs not linked to ICP-Brasil.
Serasa is a subsidiary of Experian which is a public, global corporation.
Serasa is an economic and financial analysis and information firm with global
coverage. Serasa has presence in all Brazilian state capitals and major cities,
and is the holder of Latin America's largest data bank on individuals, businesses
and corporate concerns.
Deloitte Touche Tohmatsu
Auditor Statement from 2004
Serasa CA I provides and sells digital certificates for general public that
need to sign electronic documents or be authenticated in a website.
CRL
IV/OV
Certificate Policy
Certificate Practices Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=457921
Serasa CA II provides and sells server and code signing certificates for
corporations.
CRL
IV/OV
Certificate Policy
Certificate Practices Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=457921
Serasa CA III provides CA certificates for Serasa and their clients in CA business.
CRL
IV/OV
Certificate Policy
Certificate Practices Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=457921
Serasa CA IV provides and sells digital certificates for general public that
need to sign any kind of electronic documents or be authenticated in a website.
It has also “Smart Card Logon” (OID 1.3.6.1.4.1.311.20.2.2) applied.
CRL
IV/OV
Certificate Policy
Certificate Practices Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=457921
In Japan there are two root CAs, one is GPKI (Government Public Key Infrastructure)
and the other one is LGPKI (Local government public Key Infrastructure).
GPKI is controlled by the Ministry of Internal Affairs/Communications and
National Information Security Center, and it is separate from Local government
sectors. The Japanese government decided to centralize to GPKI from each of the
ministry's certification systems and it has finished migration on Oct, 2008.
Deloitte Touche Tohmatsu
Audit Report and Management's Assertions (Japanese)
Audit Report and Management's Assertions (English)
This root is operated by the national government of Japan. It issues server
certificates and code signing certificates to national government agencies.
This root issues end-entity certificates directly, and does not have any subordinate CAs.
CRL
IV/OV
ApplicationCA Info
CP/CPS in English
CP/CPS in Japanese
https://bugzilla.mozilla.org/show_bug.cgi?id=474706
The Population Register Centre operates under the Finland Ministry of Finance
to develop and maintain the national Population Information System, the guardianship
register and the Public Sector Directory Service. The Population Register Centre serves
as the Certification Authority for the State of Finland, and thus develops and maintains
the national certificate services to Finnish Citizens, state workers and organizations.
All certificates issued to natural persons by the Population Register Centre are qualified
certificates, i.e. European-wide certificates based on an EU Directive and Finnish legislation.
Inspecta Finland
ISO 27001 Audit Certificate
ISO 27001 Audit Certificate in English
Inspecta Finland
ISO 9001 Audit Certificate
ISO 9001 Audit Certificate in English
This root issues internally-operated intermediate CAs.
CRL
IV/OV
Technical Specifications
FINEID Specification S2 - CA-model and certificate contents
Links to Intermediate CAs
Service Provider for Server CPS in Finnish
Smartcard Citizen Certificates CPS in English
Smartcard Qualified Certificates CPS in English
Smartcard Temporary Certificates CPS in Finnish
Software Cert Service Provider for E-mail Use CPS in Finnish
https://bugzilla.mozilla.org/show_bug.cgi?id=463989
certSIGN is operated by SC CERTSIGN srl, a private corporation. certSIGN
is a company member of UTI Group and an accredited supplier of certification
services. certSIGN solutions are developed integrally in Romania.
Ernst and Young
Audit Report and Management's Assertions
This root issues internally-operated subordinate CAs for different
classes of certificates based on use and verification requirements.
CRL
http://ocsp.certisgn.ro
OV
Certification Policy in English
Certification Practice Statement in English
Download Links of Subordinate CAs
https://bugzilla.mozilla.org/show_bug.cgi?id=470756
D-TRUST GmbH is a wholly owned subsidiary of Bundesdruckerei
(100% Governmental), and is the only German trust center authorised
to perform sovereign tasks. The primary market is the German speaking
area (Austria, Germany, Switzerland) and B2B focused.
TÜV-IT Germany
Audit Certificate
This root will eventually have three internally-operated subordinate
CAs. It currently has one subordinate CA called D-TRUST Service
Class 3 CA 1 2008 which issues website certificates. The other two
subordinate CAs that will be created will be for email and code signing.
CRL
http://ssl.ocsp.d-trust.net
OV
D-TRUST-Root PKI Certification Practice Statement in English
CPS in German
CP in German
https://bugzilla.mozilla.org/show_bug.cgi?id=467891
China Internet Network Information Center (CNNIC), the state network information
center of China, is a non-profit organization. CNNIC takes orders from the
Ministry of Information Industry (MII) to conduct daily business, while it is
administratively operated by the Chinese Academy of Sciences (CAS). The CNNIC
Steering Committee, a working group composed of well-known experts and commercial
representatives in domestic Internet community, supervises and evaluates the structure,
operation and administration of CNNIC. The objective customers of the CNNIC root are
domain owners from general public, including enterprise, government, organization,
league, individual, etc.
Ernst and Young
Audit Report and Management's Assertions
This root has one internally-operated subordinate CA named CNNIC SSL, which offers
only SSL certificates that may be issued to general public, including
enterprise, government, organization, league, individual, etc.
CRL
OV
Policies of the CNNIC Trusted Network Service Center
English CPS of the CNNIC Trusted Network Service Center
https://bugzilla.mozilla.org/show_bug.cgi?id=476766
The Edicom Certification Authority (ACEDICOM) provides companies, communities
and physical persons with secure electronic identification mechanisms that
enable them to engage in activities where the digital signature replaces the
handwritten with identical legal guarantees. To this end, ACEDICOM issues
certificates in accordance with the stipulations of Directive 1999/93/EC of
13th December 1999 and Law 59/2003 of 19th December, on electronic signature,
and so has sufficient recognition to operate in all countries of the European
Union. The Edicom CA is responsible for obtaining the corresponding official
authorisation in those places outside the Union where it operates commercially.
S21sec
Audit Report
This root has three internally-operated subordinate CAs. The ACEDICOM 01
subordinate CA issues Qualified certificates for identification and advanced
electronic signature, for the use of physical persons or legal organisations.
The ACEDICOM 02 subordinate CA issues certificates for purposes other than
Qualified electronic signature. The ACEDICOM Servidores subordinate CA issues
server/client certificates and code signing certificates.
Root CRL
http://ocsp.acedicom.edicomgroup.com/acedicom01
OV
CPS in English
CPS in Spanish
Declaration of Certification Practices and Policies according to Certificate Type
TLS Certificate Policy (in Spanish)
https://bugzilla.mozilla.org/show_bug.cgi?id=471045
NetLock Ltd. is a qualified Certificate Authority in Hungary that issues certificates to organizations and individuals.
National Communications Authority, Hungary
Statement of audit conformance in English
Statement of the NCA that Netlock is a Qualified Service Provider
CERT-Hungary
Cover letter of the rDSP audit in Hungarian
English Translation of part of the rDSP Audit Report
NetLock currently has four separate root CAs included in NSS. The redesigned
equivalent of these existing roots will be created under this new root.
The new root will sign seven internally-operated subordinate CAs. Two of those
subordinate CAs will sign sub-CAs that will be externally-operated by
MKB (Hungarian Trade Bank) and MNB (National Bank of Hungary).
CRL for Class B
http://ocsp1.netlock.hu/gold.cgi
OV
CA Hierarchy
Practice Statements and Terms of Agreements in Hungarian
CPS in English
Verification Practice for Non-Qualified certificates
Non-qualified certificate CRL and OCSP profile definitions
Certificate Issuance Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=480966
CATCert is the Catalan Agency of Certification (Agència Catalana de Certificació).
CATCert’s aim is to provide digital certification services and promote the usage
of digital signature in order to make safer the communications within the Catalan
government and the communications (within and for) the Catalan government.
Ernst and Young
Audit Report and Management Assertions
This root has seven internally-operated subordinate CAs. The subordinate CAs
are used to distinguish who the certificates are issued to. The EC-IDCAT
certificates are issued to Catalan citizens. The EC-SAFP (a sub-CA of EG-GENCAT),
EC-AL, and EC-PARLAMENT certificates are not issued to the general public, but
only to the civil servants and computers or devices of the Regional Catalan
government, the Catalan Government, and the Catalan Parliament. The EC-UR and
EC-URV certificates are not issued to the general public, but to employees,
students and computers or devices of Catalan universities and research centers
connected to the “Anella Científica” group, and the Universitat Rovira i
Virgili (URV).
CRL
http://ocsp.catcert.net
OV
CA Hierarchy Diagram
English version of CPS
CPS in Catalan
CP in Catalan
The CPS/CP for each sub-CA in Catalan
https://bugzilla.mozilla.org/show_bug.cgi?id=295474
E-Guven is a private corporation that serves certificates mainly to the
Turkish market and they plan to expand their market to other countries.
Republic of Turkey Telecommunicatins Authority
Letter from Auditor
CRL
http://ocsp2.e-guven.com/ocsp.xuda
OV
CPS in Turkish
https://bugzilla.mozilla.org/show_bug.cgi?id=476428
Buypass has over 2 million customers in Norway and is a provider of secure
solutions for electronic identification, electronic signature, and payment.
Buypass is registered with the Post and Telecommunications Authority as the
issuer of the qualified ID according to the law on electronic signature. The
company has a license from the Ministry of Finance as e-money business pursuant
to the Act on e-money.
KPMG
Audit Report and Management’s Assertions
KPMG
Audit Report and Management’s Assertions
This root signs end-entity certificates directly, and does not have
subordinate CAs.
Buypass Class 2 certificates are issued to persons or enterprises and have the
same basic usage areas as Class 3 certificates. The Class 2 CP has, however,
less strict requirements with respect to identification of the requesting party
than Class 3 certificates.
CRL
https://ocsp.prod.buypass.no/BPClass2
OV
CP and CPS
Buypass Class 2 SSL Certificate Policy in English
Buypass Class 2 SSL Certificate Practice Statement in English
https://bugzilla.mozilla.org/show_bug.cgi?id=477028
https://bugzilla.mozilla.org/show_bug.cgi?id=499712
This root signs end-entity certificates directly, and does not have
subordinate CAs.
The Buypass Class 3 certificates are either issued to persons or enterprises.
The certificates may be used for authentication purposes, encryption/decryption
and/or electronic signatures (non-repudiation). The certificates are part of an
infrastructure provided by Buypass AS enabling electronic commerce in Norway.
The certificates are used by many different service providers ranging from purely
commercial companies to governmental and other public institutions including the
health sector.
Extended Validation SSL certificates will be issued exclusively by Class 3 CA.
CRL
https://ocsp.prod.buypass.no/BPClass23
OV, EV (Policy OID 2.16.578.1.26.1.3.3)
CP and CPS
Buypass Class 3 SSL Certificate Policy in English
Buypass Class 3 SSL Certificate Practice Statement in English
https://bugzilla.mozilla.org/show_bug.cgi?id=477028
https://bugzilla.mozilla.org/show_bug.cgi?id=499712
https://bugzilla.mozilla.org/show_bug.cgi?id=499716
In Japan there are two root CAs, one is GPKI which acts as a root for national
government agencies, and the other one is LGPKI (Local Government PKI) which
serves the same function for regional and local governments. LGPKI is controlled
by the Local Government Wide Area Network (LGWAN) Operation Committee.
Deloitte Touche Tohmatsu
Audit Report and Management’s Assertions
CRL
OV
CP/CPS in Japanese
https://bugzilla.mozilla.org/show_bug.cgi?id=477314
První certifikační autorita, a.s. (First certification authority - I.CA), is the
largest provider in the field of issuing and administrating the certificates in
the Czech republic. It renders its services in the Slovak republic as well. There
have been already more than million of issued certificates registered till today.
CRL
OV
CP in Czech
https://bugzilla.mozilla.org/show_bug.cgi?id=484171
CRL
OV
CP in Czech
https://bugzilla.mozilla.org/show_bug.cgi?id=484171
SUSCERTE stands for Superintendencia de Servicios de Certificación Electrónica,
which is part of the Ministry of People's Power for Telecommunications and
Informatics in the Bolivarian Republic of Venezuela. SUSCERTE is a national
government CA that provides electronic certification services to the Bolivarian
Republic of the Government of Venezuela.
Mariclen Villegas
Audit Statement in Spanish
This root CA is the Root Certification Authority of Venezuela’s National
Infrastructure of Electronic Certification. The main function of this root
is to issue the intermediate CAs to the Certification Service Suppliers (CSS)
of the public and private sector, according to the Law on Data Messages and
Electronic Signature (LSMDFE). Once a CSS has been accredited by SUSCERTE according
to the LSMDFE, the CSS must issue the certificates in accordance with the purpose of
the electronic certificates specified in their own Declaration of Practices of
Certification and Policy of Certificates.
CRL
http://ocsp.suscerte.gob.ve
OV
Declaration of Practices of Certification (DPC) of root in Spanish
DPC of root in English
Model of DPC for Certification Service Suppliers (CSS) in Spanish
Guide for Accreditation of CSS in Spanish
Guide Technology Standards and Guidelines for Accreditation of CSS in Spanish
National Infrastructure of Electronic Certificate: Structure, Certificate, and CRL in Spanish
https://bugzilla.mozilla.org/show_bug.cgi?id=489240
Japan Certification Services, Inc. (JCSI) is a commercial CA whose primary
market is Japan. Some of the relying parties are outside Japan, such as US,
Canada, European countries, and Asia.
Ernst and Young ShinNihon LLC
Audit Report and Management’s Assertions
This root has one internally-operated subordinate CA for issuing SSL
certificates to the public. In the future, JCSI plans to add other
internally-operated subordinate CAs for S/MIME, Time Stamping, and other
certificate types.
CRL
OV
Repository
CP/CPS in English
https://bugzilla.mozilla.org/show_bug.cgi?id=496863
Keynectis is a French commercial CA that issues certificates to the general
public. Keynectis was created by merging two previous French certification
operators, Certplus and PK7.
LSTI - La Sécurité des Technologies de l'Information
ETSI Certificate
KPMG
Audit Report and Management's Assertion
This root is already included in NSS. The current request is to EV-enable the root.
A new, internally-operated subordinate CA has been created for issuing EV SSL
certificates.
CRL
http://kvalid.keynectis.com/evssl-ocsp/
OV, EV (Policy OID 1.3.6.1.4.1.22234.2.5.2.3.1)
Declaration des Pratiques de Certification (CPS in French)
EV SSL CPS (in English)
Root CA CP (in English)
SSL CP (in English)
SSL CPS (in English)
Keynectis Information (in English)
https://bugzilla.mozilla.org/show_bug.cgi?id=335392
https://bugzilla.mozilla.org/show_bug.cgi?id=379032