[1] CA 証明書 の発行元です。
仕様書 [18] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
(2015-02-22 15:44:10 +09:00 版)
http://tools.ietf.org/html/rfc5280#section-3.2 Web 用 CA [13] Web 用証明書 を発行する CA は、 CA/Browser Forum
の BR に従うのが普通です。
[14] BR に従わないらしき CA には次のものがあります。
[8] 他にオレオレ証明書 など個人や組織の内部に限定されて運用される CA
があります。
CA 証明書 [17] CA の証明書 を特にCA証明書CA certificate
[19] PKIX におけるCA証明書 は RFC 5280 で規定されています。
CA証明書 には、次の種別があります >>18
[20] ルートCA の証明書 をルート証明書 といいます。
[21]
中間証明書 は証明書鎖 に入れてやり取りされます。
文脈 [64] TLS CertificateRequest メッセージ の
certificate_authorities サーバー が受け付けるCA のDN を指定できます。
MIME 型 [7] MIME型 として application/x-x509-ca-cert
メモ [2] Network Security - CAB Forum
(2015-03-23 23:03:41 +09:00 版)
https://cabforum.org/network-security/
[3] CA Practices - CAB Forum
(2015-04-02 12:13:02 +09:00 版)
https://cabforum.org/ca-practices/ In addition to the Extended Validation Guidelines and the Baseline Requirements, the CA / Browser Forum has developed statements about the practices of CAs
[4] CA:Problematic Practices - MozillaWiki
(2015-04-02 07:13:46 +09:00 版)
https://wiki.mozilla.org/CA:Problematic_Practices
[5] CA:Recommended Practices - MozillaWiki
(2015-04-02 07:13:29 +09:00 版)
https://wiki.mozilla.org/CA:Recommended_Practices
[6] CA:Overview - MozillaWiki
(2015-04-02 07:20:42 +09:00 版)
https://wiki.mozilla.org/CA:Overview
[11] (2014-11-01 05:54:38 +09:00 版)
https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf#page=10 Certification Authority: An organization that is responsible for the creation, issuance, revocation, and
management of Certificates. The term applies equally to both Roots CAs and Subordinate CAs.
[12] (2014-11-01 05:54:38 +09:00 版)
https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf#page=46 The CA SHALL host test Web pages that allow Application Software Suppliers to test their software with
Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, the CA SHALL host
separate Web pages using Subscriber Certificates that are (i) valid, (ii) revoked, and (iii) expired.
[15] (2014-11-01 05:09:16 +09:00 版)
https://cabforum.org/wp-content/uploads/EV-V1_5_2Libre.pdf#page=41 The CA MUST host test Web pages that allow Application Software Suppliers to test their software with EV
Certificates that chain up to each EV Root Certificate. At a minimum, the CA MUST host separate Web pages using
certificates that are (i) valid (ii) revoked and (iii) expired.
[9] Symantec: Draft Proposal - Google グループ
(2017-05-08 11:44:05 +09:00 )
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/IZYmm8zsSKU
[10] Mozilla CA Certificate Store — Mozilla
(2020-03-27 18:37:57 +09:00 )
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/