Mozilla's CA Certificate Program

Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. The program is overseen by the module owner and peers of the CA Certificates Module; the policy itself is overseen by the module owner and peers of the CA Certificate Policy Module.

Policy

Lists of CAs and Certificates

Program Administration

Most information relating to the administration of our program is stored either in Bugzilla or in the Common CA Database.

crt.sh

Information for Auditors

Information for CAs

Compliance

Root Inclusion

Root Removal and Other Root Changes

Revocation

How Firefox Works

Tools to Check Certificates

Certificate Linters

Information for the Public

Configuring Firefox


Discussion Forums

The following public forums are relevant to CA evaluation and related issues.

CCADB
MDSP
  • Mozilla's dev-security-policy (MDSP) mailing list is used for discussions of Mozilla policies related to security in general and CAs in particular, and for wider discussions about the WebPKI. If you are a regular participant in MDSP, then please add your name to the Policy Participants page.
Other MDSP Mail Archives
  • New MDSP Messages (since August 2021)

(HTML): https://www.mail-archive.com/dev-security-policy@mozilla.org/

(RSS): https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

  • Old MDSP Messages (until April 2021)

(HTML): https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/

(RSS): https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/maillist.xml

Other Forums
  • Mozilla's dev-tech-crypto mailing list is used for discussions of the NSS cryptographic library used in Firefox and other Mozilla-based products, as well as the PSM module that implements higher-level security protocols for Firefox.
  • For other discussions of Mozilla security issues: