Copyright © 2018

TRUSTED ROOT PROGRAM NEW CERTIFICATE AUTHORITY APPLICATION

PRIMARY Last Name First Name Email Phone Title ALTERNATE Last Name First Email Phone Title COMPANY Company Name* *Note: Company name must be included here as it appears on your root certificate.Address 1 Address 2 City State/Province ZIP Code Country Phone Company

Website URL Are you currently a sub-CA?

Yes No

Parent CA

APPLICATION TYPE Type of Application Commercial

Government Other root stores applying to?

AppleMozilla Other _____________

Note: All applicants must conform to standards outlined in https://aka.ms/auditreqs. Commercial applicants must be audited by an accredited public auditor and issue certificates to the public as line of business. Government applicants do not issue certificates to the public. Government roots are technically constrained to “non-commercial” gTLD associated with their ccTLD. A government CA can use Internal auditors in lieu of public auditors for their annual audits. Additional information can be found at https://aka.ms/rootcertapply. DOMAIN CONSTRAINTS (Government Applicants Only*) List all gTLDs/ccTLDs (Example: *.gov.xxx, *.mil.xxx, etc.) AUDITOR INFORMATON Name of Firm (Commercial) / Government Entity (Government) Last Name First Name Phone Email Statement Date Audit Type Point-in-Time*

Period-in-Time *Note: Point-in-Time audits are ONLY acceptable for new CAs who do not meet the period requirement for a Period-in-Time audit. Microsoft expects all CAs to conduct Period-in-Time audits 90 days after issuing the CA's first certificate and

annually thereafter.

CONTACT INFORMATION

Copyright © 2018

JUSTIFICATION / PROPOSAL PKI HIERARCHY PKI Hierarchy: Attached with this application

URL (Recommended for commercial) URL

ENTRANCE

Please explain why you want to be included in the Microsoft Trusted Root Program. Justification exceeds space provided. I am accompanying this application with an explanation document.

EKU *Note: Please provide justification for the EKUs you are requesting for your root certificates. Code Signing EKU is only available for

commercial applicants who have achieved three unqualified audit cycles. EKU JUSTIFICATION

Server Authentication

Client Authentication

Secured Email

Document Signing

Time Stamping

OCSP Signing

Other:

ROOT CERTIFICATES ROOT CERTIFICATE 1 Name

SHA256 Thumbprint

Role*

*Note: Complete the Role section only if you are submitting multiple roots. Microsoft will use this information to understand the unique function of each root submitted in your application.

EKUs Requested Server AuthenticationClient AuthenticationSecured Email

Document SigningTime StampingOCSP SigningOther _________________

Copyright © 2018

URL LINKS Root Certificate Download page

Valid Test Page

Expired Test Page

Revoked Test page

ROOT CERTIFICATE 2 (*OPTIONAL) Name

SHA256 Thumbprint

Role*

*Note: Complete the Role section only if you are submitting multiple roots. Microsoft will use this information to understand the unique function of each root submitted in your application.EKUs Requested Server Authentication

Client AuthenticationSecured Email

Document SigningTime StampingOCSP SigningOther _________________

URL LINKS Root Certificate Download page

Valid Test Page

Expired Test Page

Revoked Test page

*If you are submitting more than two Root certificates, please provide the additional information in another document.

I certify that I have read and will adhere to Microsoft Trusted Root Program Requirements. I certify that to the best of my knowledge all audits conform to Microsoft requirements as per https://aka.ms/auditreqs I certify that all answers are true and complete to the best of my knowledge. I acknowledge that this application does not guarantee acceptance into the TRP. If this application is approved, we will need

to engage in a formal contract with Microsoft before root certificates are included in the TRP.

Printed Name Signature Date

*Microsoft will accept a physical signature, digital signature, or submittal from a trusted SMIME email address.