Microsoft Trusted Root Certificate: Program Вимога


Microsoft Trusted Root Certificate: Program Вимога
1. Introduction

The Microsoft Trusted Root Certificate («Program») supports the distribution of qualifying root certificate in Microsoft Windows and other Microsoft Products and Services. This page describes the program’s general and technical requirements, including information about how a Certificate Authority (CA) can contact Microsoft to request inclusion into the Program.

This document lists the details and requirements for the Program. Certification Authorities («CAs») that are current members of the Program are listed at http://support.microsoft.com/kb/931125 .

How Root Certificate Distribution Works

Starting with the release of Windows Vista, root certificates are updated on Windows automatically. When a user visits a secure Web site (by using HTTPS (SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it download it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

2. Certificate Authority Intake Process

In order to begin the process to be included in the Program, a CA must fill out the application located at http://aka.ms/rootcertapply and email the completed form to trustcert@microsoft.com. This will begin the onboarding process, outlined below:

  1. Microsoft will review the application and may request additional documentation from the CA to determine if the CA meets the Program requirements and whether, in microsoft’s judgment, the CA’s inclusion into the benefit program will microsoft’s customers
  • Microsoft will provide preliminary Program to the approval CA and a deadline by which all materials must be completed and returned to Microsoft, for the CA to in included in the next release (typically every four months).
  • Upon receipt of preliminary approval from Microsoft, the CA will need to engage an auditor to complete the necessary audit. See, http://aka.ms/auditreqs for more information about the program’s audit вимога.
  • When the audit is complete the CA must send the following materials to Microsoft:
    1. A copy of all of the roots that the CA wishes to have Microsoft include in the Program in .cer file format (contained in a .ZIP file)
  • Test URLs for each root, or a URL of a publicly accessible server that Microsoft can use to verify the certificates.
  • An electronic copy or URL that contains the most recent audit attestation for each of the roots the CA wishes to have Microsoft include in the Program
  • Information to complete and sign the Program contract, including:
    1. The name, email address, phone number, and job title of the person who will sign the Program contract
  • A second contact’s name, email address, and phone number.
  • The company’s principle place of business (street address).
  • The company’s place of incorporation (country or state/province).
  • Microsoft will send the Program contract to the CA to sign and return to Microsoft.
  • Upon receipt of the completed contract, Microsoft will add the CA to release the next, if the CA has returned the materials by the deadline provided to the CA. Otherwise, Microsoft will add the CA’s roots to a subsequent release.

    Короткий опис статті: сертифікат microsoft

    Джерело: Microsoft Trusted Root Certificate: Program Вимога

  • Також ви можете прочитати