Automattic inclusion of all CA certs to a keyring

This item is a valid requirement but unlikely to be given high enough priority to be placed into the product plan. If this requirement is high value, please re-open it, or open a new requirement.

Thank you for the additional information. We understand and accept the requirement.

Thank you for submitting this requirement. We would appreciate some clarification.
- How does a virtual CA keyring save work in the use case provided? When you remove a cert from the database, it is automatically removed from keyrings.

I guess I do not understand your question here, The Virtual Keyrings are great when I am client that is not doing client authentication. The issue becomes when I need to do Client Authentication for myside, we have a mandate that we must have a keyring per application and thus anytime we add a CA certificate we need to add it to every ring we have



- How many CERTAUTH certs do you have? We are concerned that there would be significant performance impact to search all CERTAUTHs, particularly when building cert chains.

I believe we have around 40 CAs that we have in our database

- Do you trust all CERTAUTHS equally for all applications? A virtual CERTAUTH keyring might only be useful for applications for which trust is not a priority. We are concerned that some customers may tend to use such a keyring for everything, for convenience, without understanding which certs are really needed or should be trusted.
All CA certificates are vetted by our security team prior to being added so yes we would Trust those certs equally.

Thank you for submitting this requirement. We would appreciate some clarification.
- How does a virtual CA keyring save work in the use case provided? When you remove a cert from the database, it is automatically removed from keyrings.

I guess I do not understand your question here, The Virtual Keyrings are great when I am client that is not doing client authentication. The issue becomes when I need to do Client Authentication for myside, we have a mandate that we must have a keyring per application and thus anytime we add a CA certificate we need to add it to every ring we have



- How many CERTAUTH certs do you have? We are concerned that there would be significant performance impact to search all CERTAUTHs, particularly when building cert chains.

I believe we have around 40 CAs that we have in our database

- Do you trust all CERTAUTHS equally for all applications? A virtual CERTAUTH keyring might only be useful for applications for which trust is not a priority. We are concerned that some customers may tend to use such a keyring for everything, for convenience, without understanding which certs are really needed or should be trusted.
All CA certificates are vetted by our security team prior to being added so yes we would Trust those certs equally.

Thank you for submitting this requirement. We would appreciate some clarification.
- How does a virtual CA keyring save work in the use case provided? When you remove a cert from the database, it is automatically removed from keyrings.
- How many CERTAUTH certs do you have? We are concerned that there would be significant performance impact to search all CERTAUTHs, particularly when building cert chains.
- Do you trust all CERTAUTHS equally for all applications? A virtual CERTAUTH keyring might only be useful for applications for which trust is not a priority. We are concerned that some customers may tend to use such a keyring for everything, for convenience, without understanding which certs are really needed or should be trusted.