Korea Information Security Agency (KISA) is the
Electronic Signature Authorization Management Center for South
Korea. The Korean Certification Authority Central (KCAC) of KISA
issues certificates to intermediate CAs ("licensed CAs"
or LCAs), which then issue end entity certificates to Korean
citizens, businesses, and other organizations.
Ministry of Public Administration and Security (MOPAS)
Audit Statement
Certificates are issued from this root only to KISA's
LCAs (Licensed CAs), not directly to end entities.
CRL
OV
Document Repository
CPS (Korean)
CPS (English)
Korea Electronic Signature Act (English)
Korea Electronic Signature Act Enforcement Regulations (English)
Certificate Issuing Procedure Guidelines(Korean)
Certificate Issuing Procedure Guidelines(English)
https://bugzilla.mozilla.org/show_bug.cgi?id=335197
Deutscher Sparkassen Verlag GmbH is the world's largest
smartcard provider and the central certification service
provider for all German savings banks. This CA exists to enable
up to 40 million German customers (end-users) to use their
banking card as a certificate based signature, encryption and
authentication device.
TÜV-IT
ETSI TS 101.456 Certificate
TÜV-IT
ETSI TS 102.042 Certificate
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
This root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
CRL
http://ocsp-q.s-trust.de
IV
Certification Practice Statement for the S-TRUST Network
https://bugzilla.mozilla.org/show_bug.cgi?id=370627
Not approved for inclusion.
The Telekom-Control Commission is the Austrian supervisory authority for electronic signatures. Its
responsibility includes supervision of all certification service providers
established in Austria. For every CA key used by an
Austrian certification service provider, the TKK issues a certificate to the
certification service provider. Based on these certificates, all certificates
issued by supervised Austrian certification service providers can be verified.
There are five subordinate CAs, each of which issues certificates for a different purpose.
Secure Information Technology Center - Austria
Conformity Assessment Statement
The TKK issues certificates to certification service providers who are
supervised according to the Austrian Electronic Signatures Act.
The corresponding private keys of certification service
providers are used for issuing certificates to end entities (signatories).
CRL
OV
Certificate
Policy
Certificate
Practice Statement
https://bugzilla.mozilla.org/show_bug.cgi?id=373174
CRL doesn't work in Firefox - bug 133191.
Symantec acquired the VeriSign Authentication Services and root certificates,
and is a major commercial CA with worldwide operations and customer base.
KPMG
Audit Reports and Management's Assertions
This request is to EV-enable this SHA256 root which is currently included in NSS.
This root is currently used to sign the VeriSign Class 3 SSP Intermediate CA - G2,
which is used to issue Non-Federal SSP SHA256 CAs to customers, but those SubCAs are
operated internally by Symantec.
This root will be used in the future to sign certificates for SSL-enabled servers,
and may be used to sign certificates for digitally-signed executable code objects.
CRL
http://ocsp.ws.symantec.com
OV, EV (Policy OID 2.16.840.1.113733.1.7.23.6)
VeriSign Certification Practice Statement
VeriSign Trust Network Certificate Policies
CA Hierarchy Diagram
https://bugzilla.mozilla.org/show_bug.cgi?id=536318
https://bugzilla.mozilla.org/show_bug.cgi?id=515470
https://bugzilla.mozilla.org/show_bug.cgi?id=872288
GeoTrust is a subsidiary of Symantec. Symantec acquired the VeriSign Authentication Services
and root certificates, and is a major commercial CA with worldwide operations and customer base.
KPMG
Audit
Report and Management's Assertions
This request is to EV-enable the SHA256 root which is currently included in NSS.
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects.
CRL
http://pca-g3-ocsp.geotrust.com
DV, OV, EV (OID 1.3.6.1.4.1.14370.1.6)
Document Repository
GeoTrust Certification Practice Statement
GeoTrust Subscriber Agreement
GeoTrust Relying Party Agreement
GeoTrust Reseller Agreement
GeoTrust EnterpriseSSL Agreement
https://bugzilla.mozilla.org/show_bug.cgi?id=539255
https://bugzilla.mozilla.org/show_bug.cgi?id=517234
https://bugzilla.mozilla.org/show_bug.cgi?id=872294
Thawte is a subsidiary of Symantec. Symantec acquired the VeriSign Authentication
Services and root certificates, and is a major commercial CA with worldwide operations and customer base.
KPMG
Audit
Report and Management's Assertions
This request is to EV-enabled this SHA256 root which is currently included in NSS.
This CA will be used to sign certificates for SSL-enabled servers,
and may in the future be used to sign certificates for
digitally-signed executable code objects. thawte is not yet
actively issuing certificates from this root, so they have not
yet published a CRL. All subordinated CAs for this root will
be internally operated.
CRL
http://ocsp.thawte.com
DV,OV, EV (Policy OID 2.16.840.1.113733.1.7.48.1)
Thawte Document Repository (English)
Thawte CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=539257
https://bugzilla.mozilla.org/show_bug.cgi?id=521869
https://bugzilla.mozilla.org/show_bug.cgi?id=872304
Comodo CA Ltd is a commercial CA based in the UK and
serving customers worldwide.
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
CRL
http://ocsp.comodoca.com
DV, OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Document Repository
CPS
EV CPS
EV Addendum to CPS
ECC CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=606947
CRL
http://ocsp.usertrust.com
DV, OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Document Repository
CPS
EV CPS
EV Addendum to CPS
ECC CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=606947
CRL
http://ocsp.usertrust.com
DV, OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
Document Repository
CPS
EV CPS
EV Addendum to CPS
ECC CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=606947
Cisco is a leading provider of networking equipment to
consumers and businesses worldwide.
PricewaterhouseCoopers
Audit Report and Management Assertions
This is an off-line root CA that issues CA certificates
to one or more Cisco-controlled subordinate CAs (including the
Cisco Manufacturing Sub-CA). The subordinate CAs in turn issue
end entity certificates, e.g., for use in Cisco network
equipment with embedded web servers and web-based
administrative interfaces.
CRL
IV/OV
Cisco Root CA 2048
Certification Practice Statement, Version 1.1
Cisco Root CA 2048 Certificate Policy, Version 1.0
https://bugzilla.mozilla.org/show_bug.cgi?id=416842
Verizon Business Security Solutions Powered by Cybertrust
operates a commercial certificate authority service for
businesses and governments internationally.
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
The request is to enable EV and add the Code Signing trust bit
for the Baltimore CyberTrust Root certificate, which is already included
in NSS. This root will supersede Cybertrust's current
mainstream root, GTE CyberTrust Global Root. When that
happens, this root will have subordinate CAs that are operated
both internally and by third-parties. The sub-CAs are required
to follow the CPS and to have regular audits.
CRL
OV, EV (policy OID 1.3.6.1.4.1.6334.1.100.1)
Cybertrust CA Certificate Policy
Certification Practice Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=430698
SSC, Skaitmeninio Sertifkavimo Centras, is the Lithuanian Government accredited commercial CA issuing certificates to Government institutions, public services, businesses and citizens.
Information Society Development Committee Under The Government Of The Republic Of Lithuania
Statement of Compliance with ETSI TS 101.456
Lithuanian Government Qualified Certificate Service Provider
Root CA with four internally operated subordinate CAs: Class 1, Class 2, Qualified Class 3, and Qualified Class 3 VS.
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
This Root CA is a special purpose CA that has no subordinate CAs.
Root B is used for single-root certificates (SSL, Code Signing,
OCSP, time stamping).
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
Root C serves as a backup CA for Roots A and B. Just in case either
of those two roots become unusable and become revoked. According to
the government project that SSC is involved in, Root C will have to
be tested in a specific project where they must demonstrate availability
of its CRL and OCSP services. The project will accept Root C only if it
is a FireFox built-in object. If Root A does get revoked and Root C gets
put into service, then Root C will have four internally operated subordinate
CAs: Class 1, Class 2, Qualified Class 3, and Qualified Class 3 VS.
CRL
http://ocsp.ssc.lt:2560
DV, OV
PKI Disclosure Statement
Certificate Practices
Certificate Practices Statement
http://bugzilla.mozilla.org/show_bug.cgi?id=379152
Sociedad Cameral de Certificación Digital - Certicámara S.A. is a
commercial CA primarily serving Colombia and Andean Region
Deloitte and Touche
Audit Report and Management's Assertions
This is the orginal root which expires in 2011. Certicámara
requests that this root also be added to the NSS database
because they have a significant number of customers that use it,
and their certificates expire in 2010. End entity certificates
have been issued directly from this root, rather than using an
offline root and issuing certs through a subordinate CA.
CRL
OV
Certificate Hierarchy
Certificate Policy
Declaration of Practices
http://bugzilla.mozilla.org/show_bug.cgi?id=401262
This root will not be approved for inclusion.
ICP Brasil (Infra-Estrutura de Chaves Públicas Brasileira)
is Brazil's National PKI created by the law Medida
Provisória nº 2.200-2 / 2001.
ICP Certificates are used in all secure Brazilian government
sites, other Brazilian sites and by financial institutions.
ICP-Brazil has the only (V0 and V1) chain operated by the ITI.
Auditor Website
Audit Hierarchy
Criteria and Procedures for Audit of ICP-Brasil
Criteria and Procedures for Audit of ICP-Brasil sub-CAs
Audit Committee
Root cert used to secure Brazilian government and financial sites.
This root has 8 subordinate CAs that are externally operated.
CRL
OV
Complete CA Hierarchy
Subordinate CA Hierarchy
Companies operating the subordinate CAs
CP (Portuguese)
CPS of CA-root (Portuguese)
CPS requirements for sub-CA (Portuguese)
ICP-Brasil Documents
https://bugzilla.mozilla.org/show_bug.cgi?id=438825
This is the next version of the Autoridade Certificadora
Raiz Brasileira root, which is used to secure Brazilian
government and financial sites.
CRL
OV
Complete CA Hierarchy
Subordinate CA Hierarchy
Companies operating the subordinate CAs
CP (Portuguese)
CPS of CA-root (Portuguese)
CPS requirements for sub-CA (Portuguese)
ICP-Brasil Documents
https://bugzilla.mozilla.org/show_bug.cgi?id=438825
E-ME is the brand name for the certification services that are operated by the
Latvian State Radio and Television Centre (LVRTC). LVRTC is a joint-stock company,
in which the Republic of Latvia being represented by the Ministry of Transportation
owns all shares of the company. LVRTC provides transmission of radio and television
signals covering all of Latvia. LVRTC also provides electronic document law enforcement in Latvia.
KPMG Baltics
Audit Statement
This Root CA issues Certificates for the Policy CA and the Trusted OCSP Responder.
There is one Policy CA which issues CA Certificates to the Issuing CAs and the Time Stamping Authority. The Issuing
CAs will be used to issue the Qualified Signature Certificates, Non-Qualified Authentication
Certificates, Non_Qualified Infrastructure Certificates to the End Users, as well as Non-Qualified
and Non-Public Certificates to the infrastructure systems of E-ME CSP IS. There is currently one Issuing CA,
which is operated by E-ME. All future Issuing CAs will also be operated by E-ME.
CRL
http://ocsp.eme.lv/responder.eme
OV
E-ME Policies and Regulations
CP (English)
Root Certificate CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=518098
Fábrica Nacional de Moneda y Timbre (FNMT) is a government agency that
provides services to Spain as a national CA.
ASIMELEC (Asociación Multisectorial de Empresas de Tecnologías de la Información, Comunicaciones y Electrónica)
ASIMELEC seal of approval
Audit Statement
This root cert signs internally-operated sub-CAs
which sign end-entity certs.
CRL
http://ocspap.cert.fnmt.es/ocspap/OcspResponder
OV
FNMT Document Repository
CPS particular to Component Certificates (Spanish)
CPS of FNMT Clase 2 CA (current Spanish users CA)
General CPS applicable to all FNMT's CAs (Spanish)
CPS of a FNMT's subordinated CAs ACE APE and AC Administración Pública
https://bugzilla.mozilla.org/show_bug.cgi?id=435736
TURKTRUST Information Security Services Inc. is a public corporation and
is an IT company based in Turkey.
TURKTRUST is an authorized qualified electronic certificate service provider
according to the Turkish Electronic Signature Law. TURKTRUST issues qualified
certificates, time-stamping services, SSL certificates, and object signing certificates.
Turkish Information and Communication Technologies Authority (ICTA)
Audit statement
BSI Group The Netherlands B.V.
ETSI Certificate
This is an offline root with separate internally-operated subordinate CAs for issuing qualified certificates,
SSL certificates, and EV SSL certificates.
TURKTRUST has other root certificates currently included in NSS. This root stands in a horizontal
hierarchy with others.
CRL
http://ocsp.turktrust.com.tr
OV, EV (Policy OID 2.16.792.3.0.3.1.1.5)
Document Repository
CP
CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=433845
https://bugzilla.mozilla.org/show_bug.cgi?id=768547
https://bugzilla.mozilla.org/show_bug.cgi?id=788321
Swiss Bundesamt für Informatik und Telekommunikation (BIT) is also known as the Swiss Federal
Office of Information Technology, Systems and Telecommunication (FOITT) which operates servers
and software applications for the Confederation (one of the biggest employers in Switzerland)
and third parties. The FOITT also operates a carrier network for the Federal administration
and organisations close to the administration. Various, partly encrypted, virtual private
networks (VPN) are operated on this carrier network. Overall the FOITT serves 1200 locations
in Switzerland and 200 locations worldwide. The FOITT is also responsible for networking the
Swiss cantons and the Principality of Liechtenstein.
KPMG SA Switzerland
Audit Report and Management's Assertions
State Secretariat for Economic Affairs (SECO)
Directory of Swiss Certified CAs for Administering Qualified Certificates
CRL
DV, OV
Admin PKI Repository
Swiss Government Root CA II CP/CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=435026
The Population Register Centre operates under the Finland Ministry of Finance
to develop and maintain the national Population Information System, the guardianship
register and the Public Sector Directory Service. The Population Register Centre serves
as the Certification Authority for the State of Finland, and thus develops and maintains
the national certificate services to Finnish Citizens, state workers and organizations.
All certificates issued to natural persons by the Population Register Centre are qualified
certificates, i.e. European-wide certificates based on an EU Directive and Finnish legislation.
Finnish Communications Regulatory Authority (FICORA)
Audit Statement
QC Certificate on FICORA website
Inspecta Finland
Auditor Statement
This root issues internally-operated intermediate CAs.
CRL
IV/OV
Policy Documentation (Finnish)
Intermediate Certificates
FINeID Policies for Server Certificates (English)
CP for Server Certs (English)
CPS for Server Certs (English)
PKI Disclosure Statement (English)
FINEID specification S2 – VRK (PRC) CA-model and certificate contents, v2.1
https://bugzilla.mozilla.org/show_bug.cgi?id=463989
D-TRUST GmbH is a wholly owned subsidiary of Bundesdruckerei
(100% Governmental), and is the only German trust center authorised
to perform sovereign tasks. The primary market is the German speaking
area (Austria, Germany, Switzerland) and B2B focused.
TUVIT
ETSI Certificate
TUVIT
ETSI Certificate
This root currently has one internally-operated subordinate CA,
“D-TRUST SSL Class 3 CA 1 2009”, which signs end-entity certificates.
CRL
http://ssl-c3-ca1-2009.ocsp.d-trust.net
OV
D-Trust Document Repository
CPS (German)
CPS (English)
CP (German)
CP (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=467891
https://bugzilla.mozilla.org/show_bug.cgi?id=845132
This root currently has one internally-operated subordinate CA,
“D-TRUST SSL Class 3 CA 1 EV 2009”, which signs end-entity certificates.
CRL
http://ssl-c3-ca1-ev-2009.ocsp.d-trust.net
OV, EV(Policy OID 1.3.6.1.4.1.4788.2.202.1)
D-Trust Document Repository
CPS (German)
CPS (English)
CP (German)
CP (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=467891
https://bugzilla.mozilla.org/show_bug.cgi?id=845132
https://bugzilla.mozilla.org/show_bug.cgi?id=845149
SUSCERTE stands for Superintendencia de Servicios de Certificación Electrónica,
which is part of the Ministry of People's Power for Telecommunications and
Informatics in the Bolivarian Republic of Venezuela. SUSCERTE is a national
government CA that provides electronic certification services to the Bolivarian
Republic of the Government of Venezuela.
Mariclen Villegas
Audit Statement in Spanish
This root CA is the Root Certification Authority of Venezuela’s National
Infrastructure of Electronic Certification. The main function of this root
is to issue the intermediate CAs to the Certification Service Suppliers (CSS)
of the public and private sector, according to the Law on Data Messages and
Electronic Signature (LSMDFE). Once a CSS has been accredited by SUSCERTE according
to the LSMDFE, the CSS must issue the certificates in accordance with the purpose of
the electronic certificates specified in their own Declaration of Practices of
Certification and Policy of Certificates.
CRL
http://ocsp.suscerte.gob.ve
OV
Declaration of Practices of Certification (DPC) of root in Spanish
DPC of root in English
Model of DPC for Certification Service Suppliers (CSS) in Spanish
Guide for Accreditation of CSS in Spanish
Guide Technology Standards and Guidelines for Accreditation of CSS in Spanish
National Infrastructure of Electronic Certificate: Structure, Certificate, and CRL in Spanish
https://bugzilla.mozilla.org/show_bug.cgi?id=489240
SUSCERTE has decided to have each of its sub-CAs apply separately for inclusion in NSS as separate trust anchors.
National Informatics Centre (NIC), is part of the Department of
Information Technology of the Government of India.
CyberQ Consulting Pvt. Ltd.
Auditor Statement
NIC CA issues three classes of Digital Signatures to subscribers, based on the
level of verification that is performed in regards to the identity of the
certificate subscriber. The NIC CA directly signs Class 1, Class 2 and Class3
end-entity certificates which can be used for SSL, email, and document signing.
The NIC CA also signs the E-passport Sub-CA which signs Class 1, Class 2 and
Class3 end-entity certificates which can be used for SSL, email, and document signing.
These Digital Signatures are issued based on verification procedures as stated in the
Information Technology (IT) Act 2000, an Act which was passed by the Indian Parliament
in June 2000.
CRL
DV, OV
CA Hierarchy
Certificate Practice Statement of NIC CA (English)
CPS Addendum for enrolling Root Certificate under Mozilla
Overview of Information Technology Act 2000 (English)
Details of Information Technology Act 2000 (English)
Digital Signature Certificate Request Form (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=511380
The U.S. Federal Public Key Infrastructure (US FPKI) Management Authority is a
National Government CA that operates the Federal Common Policy Framework
Certification Authority (FCPCA) on behalf of the Federal PKI Policy Authority.
The FCPCA is the Trust Anchor for the Federal Government. CAs under the FCPCA
issue PKI credentials to Federal employees and contractors. The FCPCA is also
cross certified with the Federal Bridge Certification Authority which provides
a trusted path to cross certified Federal Agencies, commercial venders, states
governments and other bridges.
Slandala
Compliance Audit Requirements
U. S. General Services Administration Office of General Counsel
Audit of Audit
This is the root certificate for the U.S. Federal Common Policy Framework Certificate
Authority (FCPCA). The FCPCA only issues certificates to subordinate CAs.
The sub-CAs are operated by the Shared Service Providers (SSPs).
End-entity certificates may be issued to Federal employees, contractors, affiliated
personnel, and devices operated by or on behalf of Federal agencies.
CRL
http://ocsp.managed.entrust.com/OCSP/EMSSSPCAResponder
OV
CP
CPS
Information about Federal PKI
Certified PKI Shared Service Providers (SSP)
Entities cross-certified with FBCA
Output of Crawl of public repositories starting from FCPCA
Shared Service Provider Roadmap through Acceptance Process
https://bugzilla.mozilla.org/show_bug.cgi?id=478418
Scientific Trust is a division of the University of Hagen and has its own Root Certificate.
Scientific Trust offers Intermediate Certificates to other universities and companies.
The primary market is the German speaking area (Austria, Germany, Switzerland).
KPMG
Audit Report and Management’s Assertions
This root has one internally-operated subordinate CA issuing client and server certificates.
In the future there will be externally-operated subordinate CAs, issuing client and server certificates.
CRL
OV
CPS Scientific Trust URL (English)
Certificate Policy URL (English)
CPS FernUniversitaet in Hagen URL (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=531237
TeliaSonera provides telecommunication services in the Nordic and Baltic countries,
the emerging markets of Eurasia, including Russia and Turkey, and in Spain. CA operations
currently only in Nordic countries.
Ernst and Young
Audit Report and Management’s Assertions
This root has internally-operated subordinate CAs for server, client, and TeliaSonera internal certificates.
CRL
http://ocsp.trust.teliasonera.com
OV
Document and Certificate Repository
Customer Support Site
CPS Documents (English)
Internal Mobile ID cert CPS (Finnish)
https://bugzilla.mozilla.org/show_bug.cgi?id=539924
SITHS is an abbreviation for Secure IT within Health care.
The name of the company has been changed from Sjukvårdsrådgivningen (translates to Health Care Guidance)
to Inera AB. The organization working with SITHS remains the same. The name SITHS was originally owned
by Carelink AB. Carelink was sponsored in a similar way as Sjukvårdsrådgivningen. The two companies
were merged two and a half years ago.
SITHS certificates and e-ID’s are issued to organizations/employees working within or having a
business connection to the healthcare sector. The business connection should be delivering
healthcare service. SITHS certificates are not issued to the receiver of
healthcare services (patients).
The potential number of users that access health care servers/services is the whole Swedish population,
which exceeds 9 million people.
Ernst & Young
Audit Report and Management’s Assertions
This root signs certificates for subordinate issuing CAs.
Subordinate issuing CAs issue certificates for persons and functions (e.g. applications, servers etc.)
CRL
DV
Document Repository
CP (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=792337
ANF Autoridad de Certificación is currently approved by the public administration to issue
qualified certificates in the European Union and it is in the process of being approved in
other countries (Ecuador and Panama), so Mozilla users in these areas will improve their user
experience when relating with government or with other citizens using Mozilla applications.
TBD
TBD
CRL
http://www.anf.es/AC/RC/ocsp
OV
ANF Certificate Practice Statements
Declaration of Practices (DPC) for this root (ANF Server CA)
Certificate Policies for SSL Certificates
Certificate Policies for Encryption Certificates
Certificate Policies for Registration Authority Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=555156
The Government of India established the Controller of Certifying Authorities (CCA),
under section 17 of the Information Technology (IT) Act 2000, an Act, which was passed
by the Indian Parliament in June 2000. The Act defines the legal and administrative framework for
establishment of a Public Key Infrastructure (PKI) in the country for creating trust in the electronic
environment. The CCA is the apex regulatory body to issue license to Certifying Authorities, in
accordance with the provisions of the IT Act 2000.
CCA has set up the The Root Certifying Authority of India (RCAI), which is at the root of trust
in the hierarchical PKI established in the country. The Certifying Authorities, which meet the
requisite criteria specified in the IT Act 2000, are issued licenses to operate by CCA and come
under the RCAI. As on date, there are seven intermediate CA that are operating under RCAI in India.
CCA List of Approved Auditors
TBD
Given the size of the hierarchy under this root, we are proceeding with this request as follows:
1) Create a separate bug for each of the 7 intermediate CAs to be separately evaluated for
inclusion as a trust anchor in NSS. 2) After all 7 of the intermediate CAs have been approved/included,
then proceed with evaluating the CCA root certificate for inclusion in NSS. 3) If the CCA root certificate
is approved for inclusion in NSS, then the 7 intermediate CAs will be removed from NSS at the same time
that the CCA root is included.
CRL
OV
Root CA CPS
Steps to become CA
FAQ
https://bugzilla.mozilla.org/show_bug.cgi?id=557167
SafeScrypt (Sify) Communications Data Security Solutions primary focus is on providing Digital
Trust Services and high-end solutions that help businesses migrate to an environment that is
secure and enables compliance with Legal and Regulatory requirements for true, end-to-end electronic
transactions and overall E-Business.
Sify Communications is also India's first intermediate CA under the IT Act 2000 and a VeriSign Affiliate
for the Indian Subcontinent offering Managed PKI services to enterprises and Digital Certificates to end-users as well.
Sify primarily serves Government, Semi-Government, and Private orgranizations in India.
Qadit Systems
Audit Equivalency Statement
2011 Audit Statement
This is a sub-CA of the CCA India root certificate.
This Class 2 CA has signed 10 subCAs which sign end-entity certs.
Certificates signed by this CA are issued to individuals, including members of the general public.
CRL
http://ocsp.safescrypt.com
IV
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=562763
This is a sub-CA of the CCA India root certificate.
This Class 3 CA and has signed one subCA which signs end-entity certs.
Certificates signed by this CA are issued to individuals, including members of the general public, and organizations.
CRL
http://ocsp.safescrypt.com
IV
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=562763
Shanghai Electronic Certification Authority Co., Ltd. (SHECA) is a Shanghai-based commercial
company and is one of the biggest Certification Authorities in China. SHECA is a national recognized
CA and operates under China’s Electronic Signature Law. SHECA’s customers include individuals and
companies from mainland China, Taiwan and Hong Kong.
PricewaterhouseCoopers
Audit Report and Management's Assertions
This root has one internally-operated subordinate CA, which signs web server certificates.
UCA is the acronym of UniTrust Certification Authority. UniTrust is a registered trademark owned by SHECA.
CRL
http://ocsp3.sheca.com/Global/global.ocsp
OV
Certificate Policy Documents
CP (Chinese)
CPS (Chinese)
CP (Copy-enabled)
CPS (Copy-enabled)
https://bugzilla.mozilla.org/show_bug.cgi?id=566310
This root has one internally-operated subordinate CA, which signs web server certificates,
E-mail certificates, personal identity certificates and others.
UCA is the acronym of UniTrust Certification Authority. UniTrust is a registered trademark owned by SHECA.
CRL
http://ocsp3.sheca.com/Sheca/sheca.ocsp
OV
Certificate Policy Documents
CP (Chinese)
CPS (Chinese)
https://bugzilla.mozilla.org/show_bug.cgi?id=566310
IDRBT CA functions under the Services Wing of IDRBT, an autonomouos organization established
by the Reserve Bank of India for the research and development in Banking Technology and registered
as a Society under Andhra Pradesh (Telengana areas) Public Societies Registration Act.
IDRBT offers Certification Services primarily for the members of the
INFINET, banks and Financial institutions in India.
Digital Age Strategies
Audit Statement
This is a sub-CA of the CCA India root certificate.
This CA does not currently have any subordinate CAs. It is used to establish a trust chain from
CCA to end entities in digital certificates
issued by IDRBT CA to be used in PKI-enabled applications. IDRBT CA offers 3 distinct
classes of certification services. Each class of certificate provides specific functionality
and security features. The classes are Class 1, Class 2, and Class 3.
CRL
OV
IDRBT Document Repository
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=562764
PROCERT’s primary market are public and private users in Venzuela.
PROCERT is a private entity within the Venezuelan Bolivarian Republic,
which is accredited by the Venezuelan State as a Provider of Certification Services (PCS),
according regulating principles content in the Law related to Data Messages and Electronic
Signatures and its regulations as well as in the norms set forth by the Superintendence of
Electronic Certification Services (SUCERTE, by its acronym in Spanish), ruling entity regarding
electronic certification issues which is part of Popular Power Ministry for Telecommunications
and Informatics of the Bolivarian Republic of Venezuela.
Mariclen Villegas (SUSCERTE Registered Auditor)
Auditor Statement
This is a sub-CA of the “Autoridad de Certificacion Raiz del Estado Venezolano” root certificate
owned by SUSCERTE (Superintendencia de Servicios de Certificación Electrónica), which is part of
the Ministry of People's Power for Telecommunications and Informatics in the Bolivarian Republic
of Venezuela. SUSCERTE is a national government CA that provides electronic certification services
to the Bolivarian Republic of the Government of Venezuela. In Bug #489240 it was determined that
SUSCERTE’s sub-CAs would apply for inclusion themselves as separate trust anchors.
This “PSC Procert” cert shows up under “Sistema Nacional de Certificacion Electronica”, which is
the O of the Issuer, the “Autoridad de Certificacion Raiz del Estado Venezolano” root certificate.
CRL
http://ura.procert.net.ve
OV
PROCERT CA Information
PROCERT CA Documentation (English)
PROCERT CA Documentation (Spanish)
CPS (English)
CPS (Spanish)
CP for certs for SSL (Spanish)
CP for certs for email (Spanish)
CP for certs for Software Signing (Spanish)
https://bugzilla.mozilla.org/show_bug.cgi?id=593805
https://bugzilla.mozilla.org/show_bug.cgi?id=810010
China Internet Network Information Center (CNNIC), the state network information
center of China, is a non-profit organization. CNNIC takes orders from the
Ministry of Information Industry (MII) to conduct daily business, while it is
administratively operated by the Chinese Academy of Sciences (CAS). The CNNIC
Steering Committee, a working group composed of well-known experts and commercial
representatives in domestic Internet community, supervises and evaluates the structure,
operation and administration of CNNIC. The objective customers of the CNNIC root are
domain owners from general public, including enterprise, government, organization,
league, individual, etc.
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
This root will only be used for EV certificates.
It currently has one internally-operated subCA for issuing EV SSL certs.
In the future another subCA may be added for issuing code signing certs.
CRL
http://ocspev.cnnic.cn
EV (Policy OID 1.3.6.1.4.1.29836.1.10)
Document Repository
CPS (English)
EV CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=607208
https://bugzilla.mozilla.org/show_bug.cgi?id=799692
https://bugzilla.mozilla.org/show_bug.cgi?id=799697
Netrust is a private corporation in Singapore, which provides individuals,
business and government organizations with a
complete online identification and security infrastructure to enable secure
lectronic transactions. Besides certificate provisioning, Netrust delivers high
quality professional services including security consulting, PKI deployment
and custom application development. Netrust was awarded by the International
Civil Aviation Organization (ICAO) to setup and operate the global Public Key
Directory (PKD).
e-Cop Pte Ltd
Audit Report
Comparative Analysis if iDA Security Guidelines with WebTrust and ETSI TS 101 455
The “Netrust CA1” root signs end-entity certificates directly. It does not have any subordinate CAs.
CRL
OV
Document Repository
Certificate Practice Statement (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=632292
The PostSignum certification authority is a governmental certification authority (national government)
operated by Ceska posta s.p. (Czech Post).
PostSignum is an accredited provider of certification services in the Czech Republic
(accreditation by the Ministry of the Interior of the Czech Republic).
Qualified certification authorities from the PostSignum PKI hierarchy operate
under Czech government regulations and must fulfil mandatory audit requirements
stipulated in EU and Czech law.
Deloitte Advisory s.r.o.
PostSignum Root QCA 2 has two internally-operated subCAs
hich sign qualified (PostSignum Qualified CA 2) or non-qualified
(PostSignum Public CA 2) end-entity certs.
CRL
OV
CP for Root QCA 2 (Czech)
CP for Qualified CA 2 Personal Certificates (Czech)
CP for Qualified CA 2 Systems Certificates (Czech)
CP for Public CA 2 Personal Certificates (Czech)
CP for Public CA 2 Server Certificates, SSL/TLS certs (Czech)
https://bugzilla.mozilla.org/show_bug.cgi?id=643398
PSC-FII is a public entity belonging to the Government of the Bolivarian Republic of
Venezuela accredited as a Provider of Electronic Certification Services (PSC) by the
Superintendence of Electronic Certification Services (Spanish acronym, SUSCERTE) under
the Law on Data Messages and Signatures Electronic. PSC-FII’s primary market are public
and private users in Venezuela.
Milthon J. Chavez
Accredited Elctronic Certification Services Provider
This is a sub-CA of the “Autoridad de Certificacion Raiz del Estado Venezolano” root
certificate owned by SUSCERTE (Superintendencia de Servicios de Certificación Electrónica),
which is part of the Ministry of People's Power for Telecommunications and Informatics in
the Bolivarian Republic of Venezuela. SUSCERTE is a national government CA that provides
electronic certification services to the Bolivarian Republic of the Government of Venezuela.
In Bug #489240 it was determined that SUSCERTE’s sub-CAs would apply for inclusion themselves
as separate trust anchors. This “PSC Público del MCT para el Estado Venezolano” cert shows up
under “Sistema Nacional de Certificacion Electronica”, which is the O of the Issuer, the
“Autoridad de Certificacion Raiz del Estado Venezolano” root certificate.
CRL
OV
CPS (Spanish)
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=667466
T-Systems is a wholly-owned subsidiary of Deutsche Telekom AG.
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
Ernst and Young
Audit Report and Management's Assertions
T-Systems plans to offer certificates with a high security level (e.g. EV) chaining up to
this “T-TeleSec GlobalRoot Class 3” root. High security level services for email and
code signing will also be created, and the corresponding Sub-CAs will be operated under
this Class 3 root. This Class 3 root will only have internally-operated subordinate CAs.
T-Systems currently offers certificates with a standard security level (e.g. OV) chaining up
to the currently included “Deutsche Telekom Root CA 2” root. All of those standard security
services will eventually chain up to a “T-TeleSec GlobalRoot Class 2” root.
Inclusion of the “T-TeleSec GlobalRoot Class 2” root is not currently part of this request.
CRL
http://ocsp.telesec.de/ocspr
EV (Policy OID 1.3.6.1.4.1.7879.13.24.1)
Repository
ServerPass CP/CPS (German)
ServerPass CP/CPS v1.1 (English)
CP (English)
CP (German)
CPS (English)
CPS (German)
https://bugzilla.mozilla.org/show_bug.cgi?id=669849
https://bugzilla.mozilla.org/show_bug.cgi?id=760297
https://bugzilla.mozilla.org/show_bug.cgi?id=760313
Included in NSS 3.14, Firefox 18. Pending EV enablement.
SG Trust Services is a subsidiary of Groupe SG, which is the high level entity of all subsidiaries
of Société Générale. Société Générale is one of the oldest and largest banks in France, and is a major
international financial services company.
LSTI
LSTI Qualified CA
ETSI Certificate
SG TRUST SERVICES RACINE has two internally-operated intermediate certificates,
one for authentication certificates and another for signing certificates.
CRL
OV/IV
Document Repository
CP for 2-Star Certs (English translation of some sections)
https://bugzilla.mozilla.org/show_bug.cgi?id=662259
https://bugzilla.mozilla.org/show_bug.cgi?id=860929
ComSign is a private company owned by Comda, Ltd., a company specializing in information
protection products and solutions. In 2003, ComSign was appointed by the Justice Ministry
as a certificate authority in Israel in accordance with the Electronic Signature Law 5761-2001,
and is currently the only entity issuing legal authorized electronic signatures according to
the Israel law. ComSign has issued electronic signatures to thousands of business people in Israel.
The State of Israel – Ministry of Justice
Registered CA
Sharony-Shefler
Audit Statement
This root will eventually replace the “ComSign CA” root certificate that is currently
included in NSS, and was approved in bug #420705. It will have three internally-operated
subordinate CAs: ComSign ISA Global CA, ComSign Corporations CA, and ComSign Professionals CA.
CRL
IV
ComSign CPS Web Page
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=675060
Visa is a global financial services corporation. Certificates issued by this CA
will be used to support payment and information delivery applications (business to
business payments, business to consumer payments, non-payment applications) as well as
some Visa internal applications. All of these applications are tied to Visa products,
services or platforms that are governed by Visa's global operating regulations that bind
all of the parties to specified terms, conditions, responsibilities, recourse, etc.
Visa has a large international participation base -- 21,000+ banks, billions of customers,
millions of acceptors and a global nature.
KPMG
Audit Report and Management's Assertions
The Visa Information Delivery Root CA has several internally-operated subordinate
online CAs that issue end entity certificates for SSL, digital signature, and
VPN/IP Sec.
CRL
OV
Visa PKI Disclosure Statement
CP (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=636557
ANSSI (Agence nationale de la sécurité des systèmes d'information)is the French Network and
Information Security Agency, a part of the French Government. It issues certificates for
French Government websites, which are used by the general public. Each department has a sub CA;
there are at least 20 at the moment, and potentially up to 60.
French Secretariat GÈnÈral de la DÈfense Nationale
Surveillance Audit Statement
Statement about Audits relating to IGC/A
This is the RSA4096-SHA256 root certificate of the French Government CA.
The RSA2048-SHA1 IGC/A root certificate is currently included in NSS, as per bug #368970.
The IGC/A root issues subordinate CAs for government or administrative organizations only.
Each of these subordinate CAs may issue end-entity certificates or additional subordinate
CAs to be used for divisions within that organization. Each organization is required to
follow the CP and the Government RGS, and be audited.
CRL
OV
IGCA-PC (French)
CP for SSL/TLS authentication certs
CP for e-sign certs for servers
CP for email certs for people working for the Foreign Affairs Ministry
CP for email certs for people working for another Administration working with the Foreign Affairs Ministry
Variables de Temps
IGC/A FAQ
https://bugzilla.mozilla.org/show_bug.cgi?id=693450
Entrust is a commercial CA serving the global market for
SSL web certificates. Entrust also issues certificates to
subordinate CAs for enterprise and commercial use.
Deloitte and Touche LLP
Audit Report and Management's Assertions
This root is already included in NSS. It has been updated to extend the validity period
and to correct the Basic Constraints extension. This root is Entrust's primary trust anchor
for commercially issuing SSL, S/MIME, and Code Signing certificates.
CRL
http://ocsp.entrust.net
OV, EV (policy OID 2.16.840.1.114028.10.1.2)
Document Repository
CPS (English)
EV CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=694536
https://bugzilla.mozilla.org/show_bug.cgi?id=856678
This is a new root which has been signed with the SHA-256 algorithm. This root is
intended to eventually replace Entrust's SHA-1 signed roots. This root is intended
to be used for commercially issuing SSL, S/MIME, and Code Signing certs.
CRL
http://ocsp.entrust.net
OV, EV (policy OID 2.16.840.1.114028.10.1.2)
Document Repository
CPS (English)
EV CPS
https://bugzilla.mozilla.org/show_bug.cgi?id=849950
Atos Trustcenter acts in Europe, but also has international customers. The PKI-Services
are offered to the Public, with no restrictions to user groups.
DQS Holding GmbH
ETSI Certificate
DQS Holding GmbH
Annual Serveillance Audit Statement
This root has signed three types of internally-operated intermediate CAs
for issuing SSL server, client, and code signing certificates.
CRL
http://pki-ocsp.atos.net
DV, OV
CPS (English)
Subscriber Agreement
https://bugzilla.mozilla.org/show_bug.cgi?id=711366
Digidentity is a private company often working for the Dutch Government, whose
customers are (mostly Dutch) companies, governmental entities and consumers.
Digidentity is a Certificate Service Provider through a 'Besloten Vennootschap',
the Dutch equivalent to a Private Limited company.
British Standards Institution (BSI)
ETSI Certificate
The root is offline, and signs internally-operated subordinate CAs.
CRL
OV
Document Repository
CPS (Dutch)
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=693273
CATCert is the Catalan Agency of Certification (Agència Catalana de Certificació).
CATCert’s aim is to provide digital certification services and promote the usage
of digital signature in order to make safer the communications within the Catalan
government and the communications (within and for) the Catalan government.
Ernst and Young
Audit Report and Management Assertions
Ernst and Young
Audit Report and Management Assertions
This is the SHA-256 version of the EC-ACC root certificate that was included in NSS per bug #295474.
CRL
http://ocsp.catcert.net
OV
Document Repository (Catalan)
Certification Policy (Catalan)
Certification Policy Section 3 (English)
Declaración de Prácticas de Certificación (DPC) for each sub-CA (Catalan)
Operative Procedure (Catalan)
https://bugzilla.mozilla.org/show_bug.cgi?id=720326
Taiwan CA. Inc. (TWCA) is a commercial CA that provides a consolidated on-line
financial security certificate service and a sound financial security environment,
to ensure the security of on-line finance and electronic commercial trade in Taiwan.
SunRise CPAs’ Firm, a member firm of DFK
Audit Report and Management's Assertions
SunRise CPAs’ Firm, a member firm of DFK
Audit Report and Management's Assertions
This request is to turn on the Code Signing trust bit and enable EV for the
“TWCA Root Certification Authority” root certificate that was included in
NSS per bug #518503.
CRL
http://evsslocsp.twca.com.tw/
OV, EV (policy OID 1.3.6.1.4.1.40869.1.1.22.3)
Document Repository (English)
Document Repository (Chinese)
Corporate Profile (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=745671
https://bugzilla.mozilla.org/show_bug.cgi?id=823766
https://bugzilla.mozilla.org/show_bug.cgi?id=823770
This SHA-256 root will eventually replace the SHA-1 “TWCA Root Certification Authority”
root certificate that was included in NSS per bug #518503.
CRL
http://RootOcsp.twca.com.tw/
OV, EV (policy OID 1.3.6.1.4.1.40869.1.1.22.3)
Document Repository (English)
Document Repository (Chinese)
Corporate Profile (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=810133
Swisscom AG is a commercial CSP that provides certification services for individual and
corporate customers. Swisscom operates a certificate authority and registration authority.
Customers may choose to use the registration services of Swisscom and purchase single
certificates. Customers may also choose to operate their own registration authority (managed PKI).
KPMG
Audit Report and Management's Assertions
KPMG
Audit Report and Management's Assertions
This “Swisscom Root CA 2” root cert will eventually replace the “Swisscom Root CA 1”
root cert that was included in NSS as per bug #342470.
CRL
http://ocsp.swissdigicert.ch/sdcs-diamant2
DV, OV
Document Repository
CPS (German)
CPS (English)
Emerald CP (German)
Sapphire CP (German)
Ruby CP (German)
https://bugzilla.mozilla.org/show_bug.cgi?id=759732
https://bugzilla.mozilla.org/show_bug.cgi?id=856695
This is a new EV root cert with one internally-operated subCA.
CRL
http://ocsp.swissdigicert.ch/root2-ev
EV (policy OID 2.16.756.1.83.21.0)
Document Repository
CPS (German)
CPS (English)
Emerald CP (German)
EV CPS (German)
EV CP (German, English Translations of certain sections provided in Appendix)
Sapphire CP (German)
Ruby CP (German)
https://bugzilla.mozilla.org/show_bug.cgi?id=759732
https://bugzilla.mozilla.org/show_bug.cgi?id=856695
https://bugzilla.mozilla.org/show_bug.cgi?id=856710
Disig is a public Certification Service Provider, located in Slovakia.
Disig focus its certification service mainly for Slovakian market for the
customer from general public, private companies, governmental organization.
QSCert
Audit Report and Management's Assertions
This cert will eventually replace the current CA Disig root certificate
included in Mozilla products (Bugzilla #455878). This root will sign internally-operated
intermediate certificates that will sign entity certificates for SSL, digital signature,
sending/receiving e-mail, and code signing.
CRL
http://rootcar1-ocsp.disig.sk/ocsp/rootcar1
OV
CP (Slovak)
CP (English)
CPS (Slovak)
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=792377
https://bugzilla.mozilla.org/show_bug.cgi?id=823753
Root certificate for SHA2 CA chain hierarchy.
This root will sign internally-operated intermediate certificates that will
sign entity certificates for SSL, digital signature, sending/receiving e-mail,
and code signing.
CRL
http://rootcar2-ocsp.disig.sk/ocsp/rootcar2
OV
CP (Slovak)
CP (English)
CPS (Slovak)
CPS (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=792377
https://bugzilla.mozilla.org/show_bug.cgi?id=823753
Firmaprofesional is a commercial CA in Spain that issues certificates to professional
corporations, companies and other institutions. Their main activity is the generation,
transmission and distribution of digital certificates through professional corporations,
companies or other institutions, which act as Registration Authorities and Certification
Authorities in the hierarchy of certification Firmaprofesional. Firmaprofesional has a
network of more than 70 Registration Authorities located throughout Spain.
Ernst & Young
Audit Report and Management's Assertions
Ernst & Young
Audit Report and Management's Assertions
This request is to enable EV for this root certificate that is
currently included in NSS as per Bugzilla #521439.
CRL
http://servicios.firmaprofesional.com/ocsp
OV, EV (policy OID 1.3.6.1.4.1.13177.10.1.3.10)
Document Repository
CPS (Spanish)
SSL CP (English)
SSL CP (Spanish)
Code Signing CP (Spanish)
https://bugzilla.mozilla.org/show_bug.cgi?id=794036
The ACCV CA is operated by the government of the Valencia region of Spain.
ACCV issues certificates for persons (with email), web sites and for signing code,
in different policies, but with the same root. ACCV is a public certificate service
provider and the intended use for this root certificate is to improve the electronic
administration between citizens and the administration.
DNB
Audit Report and Management's Assertions
This root will eventually replace the “Root CA Generalitat Valenciana” root that was included via bug #274100.
This root cert has signed two internally-operated subordinate CA certificates, ACCVCA-110 and ACCVCA-120.
CRL
http://ocsp.accv.es
DV, OV
Document Repository
All CP Documents listed by certificate usage
SSL CP (Spanish)
Code Signing CP (Spanish)
Qualified Certs CP for Public Employees (Spanish)
Qualified Certs CP for Citizens (Spanish)
https://bugzilla.mozilla.org/show_bug.cgi?id=811352
https://bugzilla.mozilla.org/show_bug.cgi?id=872279
KIR S.A. is a private corporation, and is the one of the biggest Polish CAs which currently mainly
issues qualified certificates for general public. Our certification is for non-qualified certificates o
nly but our clients of qualified certificates are very interested in trusted non-qualified certificates.
Since KIR S.A.’s is automated clearing house in Poland and its core business is clearings, KIR S.A. has
built numerous contacts /business relationships within banking sector. Due to that fact, KIR S.A is aiming
to expand its sales in services like: SSL or VPN certificates. KIR S.A’s another line of products called
PayByNet, has created a vast network of relationships within online stores and KIR S.A can leverage them
to create customer base for trusted non-qualified certificates.
Ernst & Young
Audit Report and Management's Assertions
This root currently has one internally-operated intermediate certificate, which issues
certificates for SSL, S/MIME, and code signing.
CRL
OV
CPS (English)
CP (English)
https://bugzilla.mozilla.org/show_bug.cgi?id=817994