Wednesday, 27 February 2013

Mozilla Tightens Requirements for Digital Certificates (February 19, 2013)

Mozilla has updated its Certificate Authority (CA) Certificate Policy to lessen the risk of hackers getting their hands on subordinate CA certificates. 

Subordinate CA certificates are granted the same power as the CA, and they can be used to issue valid SSL certificates. 

Until now, subordinate CA certificates have not been subjected to the same scrutiny and controls as root CA certificates. 

The policy is being changed to reflect Mozilla's "belief that each root is ultimately accountable for every certificate it signs, directly or through its subordinates." 

Subordinate CA certificates issued after May 15, 2013 must comply with Mozilla's new policy; existing certificates have until May 15, 2014 to be updated to comply with the policy


  1. This comment has been removed by the author.

  2. Whats the key difference between subordination CA certificates and root CA certificates ? I am familiar with CA certificates but is not having any idea about these. Thanks for this latest update.
    digital certificates

    1. Hi,

      Check this link. It will give you some background on why to use Root and Sub CAS.