Public Disclosure of External Issuing CAs

Issuing CAs chaining to a publicly trusted QuoVadis Root must either be technically constrained, or undergo an independent audit and be publicly disclosed in the Repository on the QuoVadis website.

The following public disclosure includes external Issuing CAs that are not technically constrained and are covered by their own independent audits.

DarkMatter LLC


The DarkMatter CAs were previously hosted and operated by QuoVadis, and included in the QuoVadis WebTrust audits through 2017. In November 2017, the CAs were transitioned to DarkMatter’s own control following disclosure to browser root programs. The CAs have been continuously audited per Mozilla requirements. The migration was audited by DarkMatter’s auditors KPMG, and QuoVadis auditors EY were also present for the Bermuda aspects of the migration. DarkMatter had a point-in-time and an initial period-of-time WebTrust in place for their environment, and the CAs are now in scope for DarkMatter’s ongoing WebTrust audits. DarkMatter have been logging all SSL issuance to CT since the transfer.

 2016

2017

Repository 

Audit Reports     WebTrust for Certification Authorities, WebTrust for Baseline Requirements, WebTrust for Extended Validation

Fiducia & GAD IT AG

Repository 

Audit Reports  WebTrust for Certification Authorities, WebTrust for Baseline Requirements, WebTrust for Extended Validation

Siemens

Repository 

Audit Reports     ETSI TS 102042 V2.4.1