[Add Issuer]: Please Add "TrusAuth Root CA - G2" Certificate

[LeviMarvin]

Mozilla Bugzilla Root Inclusion URL

No response

CA CP/CPS Website URL

https://www.trusauth.eu.org/cps/

CT Logs

• [ ] Oak (production)
• [X] Sapling (testing)

Issuer Certificate

-----BEGIN CERTIFICATE----- MIIFtjCCA56gAwIBAgIICD6jp27i6dUwDQYJKoZIhvcNAQELBQAwRzEVMBMGA1UE ChMMVHJ1c0F1dGggSW5jMQ4wDAYDVQQLEwVUQSBFVTEeMBwGA1UEAxMVVHJ1c0F1 dGggUm9vdCBDQSAtIEcyMB4XDTIyMDEwMTAwMDAwMFoXDTQxMTIzMTIzNTk1OVow RzEVMBMGA1UEChMMVHJ1c0F1dGggSW5jMQ4wDAYDVQQLEwVUQSBFVTEeMBwGA1UE AxMVVHJ1c0F1dGggUm9vdCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAkWB0ED6KoqP3m31DIfSTPrjjQgWEHFKgta4B7Fib1uVNv06aXiJi PDTJu03rfhqA/f76/mtz5oP4aKiguuhyoeqWcXN+EcRlUUeVzAQXHKXttt3sN5gJ cKGtG9krUgSb0uNoHmfs1D8izpeHtJuYo7ZwKBAio+3dbRZMAjw3JgErjtw/gNk/ q34r6XPxu//F4dCWykHYFqgMW2sqT3CXZKbsbCbUQanCMhCfP09DUgvOJDzMf4V7 oe8zN27Nj28FSOC7Du6re/SKpinvJJKGdVwBKnipi2BCrxa+cyHenUpFWdYx/kGW GQoC90K0EqAxuscGkC7o6lFsc9JB9sLnqoUriY7jr1zKl2WPSqLSdcH1WejmvR57 waMjskmgGwtGnhUJxTyAiluQUiRrJcqBFDxULfH+Afq3lZHVIqdbiQqWfof8KrK6 UjEvLYMa6Mwp3R31oPLABoZrrJLGDD8firUt6nAwcHvTk+6o1i+2kpZUswbkyfMi l5ecNZLvrQ0n3VQ4/7Qkt3rDGgweoQZgiXrf3mPuy2wnYwaimVN7g7f/gQA2BeXW fBEpNHhdaiSDcSPRXhqbZjsUoST+hJM9JsO65GMgD56VcmcQ7nm6d90/g51lJC2R wYyGpJ3lyts2Eun5UDZ+kUV6ay4qlSelCc/xEZJtHGYUZ4jp6PnqOrECAwEAAaOB pTCBojBgBgNVHSMEWTBXoUukSTBHMRUwEwYDVQQKEwxUcnVzQXV0aCBJbmMxDjAM BgNVBAsTBVRBIEVVMR4wHAYDVQQDExVUcnVzQXV0aCBSb290IENBIC0gRzKCCAg+ o6du4unVMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFByajQ+rxj/OpwP2iyeD Vbz6Nlh3MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAh8egwCtS qPrxksO2JW3d8w1TY9lt8HZ1wakBNqUKZzxHE56AM0I5Doo4fwjr0aq9NkKZUCbP balsTh0gmsVK5iWKv/fLp5uIN4cRuIIfHv1ZytjgNhA/14xa0zHachoXEVkdL8CN kJDI7PAk03yUW3FXaZOoH+wJa9VcAicPIG5OPe13sDg4nvhoqO/oMdrIUtsMTYo4 +sab4KcZNlohhR3AcPy9s5onVH0RKvCxhxQFyl0klAeGw8hiT9zHDJLhbL4mVe5t GpafuJBO3MPs9eIVGcgOfXYdL9CIKqBWlOVXoljbene0LY/zCD8pNpbmZmOHQRXy t+ss8lZQo7ZKxnngtfM5iG5M9MtRUprcKUIm6B+7A+j9q/hIMIQWNKF5WnKQJ4/w a1mWv1B00LlnepnqW2FFMpeGQQAl4GXy8eEA/ljfiYHkL9tYJTT+PzkOTFEwyNcn 8e6EG9JL8pMsRAv1SQ8K2HYG/uQtrxsmsl5oiqVzJ96UIVwXn3a9cqk4fyLVoW/l 4/MNby46o03o0yyZdM9xqShvh/SPUsrRBOFxSYyM5ERhKNbCmyw41l/HegeIkm2H xXtlNsthPPxNAS6kb8G7+4ZvfbdzitJph40G4teQtg1o4X3b8IZN/+/h16weye5g Kg2ex2pvDH6VT52HklOdLR/nXy/VOfIlSlE= -----END CERTIFICATE-----

CT Policy

• [X] We are subscribed to the Certificate Transparency Policy Google Group

[pgporada]

Hi @LeviMarvin,

Thank you for submitting all of these root inclusion requests. At this time I will not be accepting these roots into Sapling. Instead, my suggestion is to use the ct-test-srv software to test your CA implementation in preparation for your roots being accepted into the Microsoft/Mozilla/Chrome/Apple CA root programs. Once progress has been made getting your root certificates incorporated into those WebPKI root programs, I'd be happy to add your roots to Sapling.

Sapling is a preproduction log, intended for certificates which are not publicly trusted, but which are issued by Certificate Authorities who either issue or are expected to issue publicly trusted certificates.

[LeviMarvin]

Hi @pgporada, Could you tell me the reason about the rejection? These roots will not be accepted by Mozilla root programs I guess. So them will not be added to production server. I just request add them to testing server. If roots can not be add to testing server, my PKI will not be able to used for SSL/TLS connection. And if my roots are added, it can also prevent my PKI from being used for attacks.

[mcpherrinm]

Sapling is a test log, but it is intended for testing by Certification Authorities who will also be submitting to our production log, Oak.

Since this root doesn’t appear to be in progress of being included as a root certificate in major root programs, it is not eligible to be included.