Add and Update Root Certificate Records
The ‘Add/Update Root Request’ case is used to request that Root Certificate records be added to the CCADB, and to request updates to CA Owner and Root Certificate records such as policy and audit updates.
To create an ‘Add/Update Root Request’ case in the CCADB:
- Click on the ‘My CA’ tab.
- Click on the ‘CASES’ tab under the CA Owner’s name, near the top left corner of the page.
- Click on the ‘New’ button, which is on the right side of the page, below the ‘Get URLs’ button.
- Select ‘Add/Update Root Request’, and click on ‘Next’.
- Type in information for the ‘Subject’ (e.g. Example CA New Root Certificates).
- Click on the ‘Save’ button.
- There will be a green bar shown across the top of the page, which says “Case ###### was created”. Click on the number in the list below (the same which was provided by green bar) to view the new case.
- Otherwise, go back to the ‘CASES’ tab in ‘My CA’, and click on the number in the top row of the ‘Case’ column.
- Detailed Instructions: Create an Add/Update Root Request
The ‘Add/Update Root Request’ case contains the following tabs, and you may choose which tabs to make updates in. For example, if you are providing policy document updates inbetween annual audits, then you may only want to update the POLICY DOCUMENTS tab.
Note: New required fields were added to Root Certificate records on September 15, 2022, and those fields will have to be filled in the next time an ‘Add/Update Root Request’ case is used to update a pre-existing Root Certificate record. Those fields are in the ‘ROOT INFORMATION’ tab.
- CA OWNER
- POLICY DOCUMENTS
- ROOT INFORMATION
- TEST WEBSITES
To add a Root Certificate record to the CCADB, view the instructions for the ‘ROOT INFORMATION’ tab. High level instructions:
- Go to the ‘ROOT INFORMATION’ tab.
- Click on the ‘Add/Select Root Certificates’ button.
- Click on the ‘Add Root Certificate to CCADB’ button.
- Paste the certificate PEM into the window and click on ‘Validate PEM’.
- If validation is successful, click on the ‘Create Root Certificate in CCADB’ button.
- Fill in the data for the required fields in the ‘ROOT INFORMATION’ tab.
- Click on the ‘Submit to Root Store’ button.
CAs in the CCADB are organized into hierarchies. Each CA Owner has children nodes that are Root Certificate records, and Root Certificate records have children nodes that are Intermediate Certificate records, and Intermediate Certificate records have children nodes that are Intermediate Certificate records.
Note: The CCADB considers the terms “intermediate” and “subordinate” synonymous.
All CAs are required to update the audit, CP, CPS and test website information for their certificate hierarchies at least annually. CAs are expected to maintain their intermediate certificate records themselves and to directly enter the corresponding updated audit statements. However, root certificate data cannot be self-maintained, because Root Store Operators must verify the data before the CA Owner or Root Certificate records are modified.
CA Owners may want to test preliminary audit statements before receiving and uploading the final audit statements from their auditor to ensure the documents will pass ALV.