You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/apply-for-inclusion.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,13 +5,13 @@ title: Apply for Inclusion
5
5
6
6
## Last updated: 2025-05-27
7
7
8
-
The Chrome Root Program Policy defines the [minimum requirements](policy) that must be met by Certification Authority (CA) Owners for both initial and continued inclusion in the Chrome Root Store. The policy is periodically updated to further promote the Chrome Root Program's goals of [security, agility, and simplicity](moving-forward-together). Generally, all pending applications submitted to Google Chrome in the Common CA Database (CCADB) should adhere to the latest version of this policy, including any specific criteria for applicants. If an existing inclusion request doesn't meet the requirements of a revised policy or updated applicant-specific criteria, the relevant CA Owner should request a reversion of their CCADB case status to "CA Providing Data." This allows the CA Owner to modify their inclusion request and demonstrate sufficient alignment with the current policy and requirements.
8
+
The Chrome Root Program Policy defines the [minimum requirements](../policy) that must be met by Certification Authority (CA) Owners for both initial and continued inclusion in the Chrome Root Store. The policy is periodically updated to further promote the Chrome Root Program's goals of [security, agility, and simplicity](../moving-forward-together). Generally, all pending applications submitted to Google Chrome in the Common CA Database (CCADB) should adhere to the latest version of this policy, including any specific criteria for applicants. If an existing inclusion request doesn't meet the requirements of a revised policy or updated applicant-specific criteria, the relevant CA Owner should request a reversion of their CCADB case status to "CA Providing Data." This allows the CA Owner to modify their inclusion request and demonstrate sufficient alignment with the current policy and requirements.
9
9
10
10
Google includes or removes self-signed root CA certificates in the Chrome Root Store as it deems appropriate at its sole discretion. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability. CA certificates that do not provide a broad service to all browser users will not be added to, or may be removed from the Chrome Root Store. CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.
11
11
12
12
### Inclusion Processing
13
13
14
-
The Chrome Root Program and corresponding Root Store processes inclusion requests and requests for changes through the CCADB. CA Owners who satisfy all of the requirements in the Chrome Root Program [Policy](policy) may apply.
14
+
The Chrome Root Program and corresponding Root Store processes inclusion requests and requests for changes through the CCADB. CA Owners who satisfy all of the requirements in the Chrome Root Program [Policy](../policy) may apply.
15
15
16
16
The application process includes:
17
17
@@ -39,7 +39,7 @@ Illustrative behaviors demonstrating value include:
39
39
* supporting customers in multiple geographic markets and in multiple native languages.
40
40
* freely-available guidance, help articles, or FAQ to support the user community in requesting/renewing certificates or configuring TLS.
41
41
* not relying on “cached" domain validation information during certificate issuance.
42
-
* leveraging operational practices consistent with those described in [Moving Forward, Together](moving-forward-together) at the time of application submission. For example, reliably issuing TLS server authentication certificates that are valid for a much shorter period of time than the maximum validity allowed by the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates.
42
+
* leveraging operational practices consistent with those described in [Moving Forward, Together](../moving-forward-together) at the time of application submission. For example, reliably issuing TLS server authentication certificates that are valid for a much shorter period of time than the maximum validity allowed by the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates.
43
43
* supporting the Automatic Certificate Management Environment (ACME) protocol and the ACME Renewal Information (ARI) extension, complemented by technical controls that encourage cryptographic agility.
44
44
* responsibly operating [Certificate Transparency](https://googlechrome.github.io/CertificateTransparency/) log(s) qualified in Chrome.
45
45
@@ -51,7 +51,7 @@ CA Owners should not anticipate receiving application coaching beyond what is sp
51
51
52
52
### Inclusion Rejection
53
53
54
-
The Chrome Root Program will reject inclusion requests where an applicant does not meet the minimum requirements defined by the Chrome Root Program [Policy](index) or the application is deemed incomplete or inaccurate.
54
+
The Chrome Root Program will reject inclusion requests where an applicant does not meet the minimum requirements defined by the Chrome Root Program [Policy](../policy) or the application is deemed incomplete or inaccurate.
55
55
56
56
The Chrome Root Program may reject requests for inclusion into the Chrome Root Store as deemed appropriate, and is not obligated to justify any inclusion decision.
57
57
@@ -63,7 +63,7 @@ Illustrative factors for application rejection may include:
63
63
* where the corresponding CA Owner has ever been:
64
64
* determined to have acted in an untrustworthy manner or created unnecessary ecosystem risk, or
65
65
* associated with a certificate that was previously distrusted by Chrome or any other public root program.
66
-
* has an incident history that does not convey the [factors](index#51-incident-reports) significant to Chrome.
66
+
* has an incident history that does not convey the [factors]((../policy#61-incident-reports) significant to Chrome.
67
67
* completion of a CCADB root inclusion public discussion that casts doubt over the CA Owners security, honesty or reliability.
68
68
* discovery of false or misleading information provided by the CA Owner.
69
69
* significant delays in response from the CA Owner when seeking additional or clarifying information.
0 commit comments