trusted root program...to engage in a formal contract with microsoft before root certificates are...
TRANSCRIPT
Copyright © 2018
TRUSTED ROOT PROGRAM NEW CERTIFICATE AUTHORITY APPLICATION
PRIMARY Last Name First Name Email Phone Title ALTERNATE Last Name First Email Phone Title COMPANY Company Name* *Note: Company name must be included here as it appears on your root certificate.Address 1 Address 2 City State/Province ZIP Code Country Phone Company
Website URL Are you currently a sub-CA?
Yes No
Parent CA
APPLICATION TYPE Type of Application Commercial
Government Other root stores applying to?
AppleMozilla Other _____________
Note: All applicants must conform to standards outlined in https://aka.ms/auditreqs. Commercial applicants must be audited by an accredited public auditor and issue certificates to the public as line of business. Government applicants do not issue certificates to the public. Government roots are technically constrained to “non-commercial” gTLD associated with their ccTLD. A government CA can use Internal auditors in lieu of public auditors for their annual audits. Additional information can be found at https://aka.ms/rootcertapply. DOMAIN CONSTRAINTS (Government Applicants Only*) List all gTLDs/ccTLDs (Example: *.gov.xxx, *.mil.xxx, etc.) AUDITOR INFORMATON Name of Firm (Commercial) / Government Entity (Government) Last Name First Name Phone Email Statement Date Audit Type Point-in-Time*
Period-in-Time *Note: Point-in-Time audits are ONLY acceptable for new CAs who do not meet the period requirement for a Period-in-Time audit. Microsoft expects all CAs to conduct Period-in-Time audits 90 days after issuing the CA's first certificate and
annually thereafter.
CONTACT INFORMATION
Copyright © 2018
JUSTIFICATION / PROPOSAL PKI HIERARCHY PKI Hierarchy: Attached with this application
URL (Recommended for commercial) URL
ENTRANCE
Please explain why you want to be included in the Microsoft Trusted Root Program. Justification exceeds space provided. I am accompanying this application with an explanation document.
EKU *Note: Please provide justification for the EKUs you are requesting for your root certificates. Code Signing EKU is only available for
commercial applicants who have achieved three unqualified audit cycles. EKU JUSTIFICATION
Server Authentication
Client Authentication
Secured Email
Document Signing
Time Stamping
OCSP Signing
Other:
ROOT CERTIFICATES ROOT CERTIFICATE 1 Name
SHA256 Thumbprint
Role*
*Note: Complete the Role section only if you are submitting multiple roots. Microsoft will use this information to understand the unique function of each root submitted in your application.
EKUs Requested Server AuthenticationClient AuthenticationSecured Email
Document SigningTime StampingOCSP SigningOther _________________
Copyright © 2018
URL LINKS Root Certificate Download page
Valid Test Page
Expired Test Page
Revoked Test page
ROOT CERTIFICATE 2 (*OPTIONAL) Name
SHA256 Thumbprint
Role*
*Note: Complete the Role section only if you are submitting multiple roots. Microsoft will use this information to understand the unique function of each root submitted in your application.EKUs Requested Server Authentication
Client AuthenticationSecured Email
Document SigningTime StampingOCSP SigningOther _________________
URL LINKS Root Certificate Download page
Valid Test Page
Expired Test Page
Revoked Test page
*If you are submitting more than two Root certificates, please provide the additional information in another document.
I certify that I have read and will adhere to Microsoft Trusted Root Program Requirements. I certify that to the best of my knowledge all audits conform to Microsoft requirements as per https://aka.ms/auditreqs I certify that all answers are true and complete to the best of my knowledge. I acknowledge that this application does not guarantee acceptance into the TRP. If this application is approved, we will need
to engage in a formal contract with Microsoft before root certificates are included in the TRP.
Printed Name Signature Date
*Microsoft will accept a physical signature, digital signature, or submittal from a trusted SMIME email address.