CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open Incident Related Bugs

Investigation or Discussion

Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Resulting CA Action Items

The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1429639 DigiCert: BR 3.2.5 Validation of Authority Failure for OV Certs NEW Jeremy Rowley [ca-incident] - Need remediation status 2018-05-25T20:24:32Z

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1390988 Consorci AOC: Non-BR-Compliant Certificate Issuance NEW Francesc Ferrer [ca-compliance] 2018-05-23T19:01:28Z
1390990 D-TRUST: Non-BR-Compliant Certificate Issuance NEW Arno Fiedler [ca-compliance] [remediation-accepted] Next Action: 2018-06-16 2018-02-27T14:26:53Z
1391063 QuoVadis: Non-BR-Compliant Certificate Issuance NEW Stephen Davidson [ca-compliance] [remediation-accepted] Next Update - 2018-06-30 2018-03-02T17:15:13Z
1391068 Taiwan-CA: Non-BR-Compliant Certificate Issuance NEW Robin Lin [ca-compliance] - Next Update - 15-May 2018 2018-05-23T20:15:50Z
1391074 T-Systems: Non-BR-Compliant Certificate Issuance NEW Lothar Eickholt [ca-compliance] 2018-05-02T15:43:49Z
1391087 Visa: Non-BR-Compliant Certificate Issuance NEW Marcelo B. Silva [ca-compliance] 2018-02-23T15:31:44Z
1397957 DigiCert / CTJ: Metadata in OU fields, Reserved IP Address NEW Jeremy Rowley [ca-compliance] - Next Update - 01-January 2019 2018-05-23T20:48:48Z
1397961 DigiCert / Justica: Invalid DNS names NEW Jeremy Rowley [ca-compliance] - Need updated audit statements for the subCA 2018-05-23T21:39:42Z
1398247 DocuSign/Keynectis: Non-BR-Compliant OCSP Responders NEW Erwann Abalea [ca-compliance] 2018-05-23T21:22:07Z
1398269 DigiCert: Non-BR-Compliant OCSP Responders NEW Jeremy Rowley [ca-compliance] - Next Update - 30-April 2018 2018-05-23T21:53:08Z
1409766 Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2018-05-23T22:15:10Z
1417771 DigiCert: Symantec non-constrained/non-disclosed intermediates UNCONFIRMED Jeremy Rowley [ca-compliance] 2018-05-23T23:16:12Z
1420860 Asseco/Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2018-05-24T18:35:11Z
1425805 Consorci AOC: Insufficient Audit Statements UNCONFIRMED Francesc Ferrer [ca-compliance] 2018-04-25T20:03:38Z
1426247 Telia: Non-BR-Compliant OCSP Responder NEW pekka.lahtiharju [ca-compliance] 2018-04-11T23:38:20Z
1428877 SwissSign: Invalid DNSName in SAN NEW Reinhard Dietrich [ca-compliance] 2018-05-25T09:01:40Z
1436173 Digicert: SCEE / Justica: Non-BR-Compliant Certificate Issuance NEW Ben Wilson [ca-compliance] 2018-05-24T00:14:51Z
1439128 E-Tugra: Failure to respond to January 2018 survey NEW Davut Tokgöz [ca-compliance] 2018-05-25T09:45:03Z
1443731 SwissSign: Cert issued with a to long validity period UNCONFIRMED Reinhard Dietrich [ca-compliance] 2018-05-25T08:19:51Z
1444455 DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates NEW Erwann Abalea [ca-compliance] 2018-05-06T14:59:23Z
1446121 IdenTrust: Improper encoding of wildcard certificate NEW roots [ca-compliance] - Next Update - 01-October 2018 2018-04-10T16:30:02Z
1447192 DigiCert Onion Certs UNCONFIRMED Jeremy Rowley [ca-compliance] 2018-05-24T23:24:35Z
1448986 Entrust - IP Address in dNSName form UNCONFIRMED Bruce Morton [ca-compliance] 2018-05-24T23:29:21Z
1451228 Certum: EV certificate mis-issue UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2018-05-25T11:24:55Z
1451578 Distrust the WebTrust Audit of EY (HanYoung) South Korea and KPMG (Samjong) South Korea UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] - Government of Korea GPKI 2018-05-03T22:40:35Z
1451950 DigiCert: Intermediate Cert(s) not disclosed in CCADB NEW Ben Wilson [ca-compliance] 2018-05-24T23:34:17Z
1451953 TeliaSonera: Intermediate Cert(s) Not Disclosed in CCADB NEW Wayne Thayer [:wayne] [ca-compliance] - Next Update - 01-May 2018 2018-05-25T06:59:03Z
1452671 SECOM: TSA Certs Issued from Root NEW Hisashi Kamo [ca-compliance] - Next Update - 01-October 2018 2018-05-01T17:21:50Z
1455119 Firmaprofesional: Undisclosed Intermediate certificate NEW chemalogo [ca-compliance] 2018-05-27T22:39:25Z
1455128 Certicamara: Undisclosed Intermediate certificates NEW Leonardo Maldonado [ca-compliance] 2018-05-25T00:14:34Z
1455132 SwissSign: Undisclosed Intermediate Certificates NEW Reinhard Dietrich [ca-compliance] 2018-05-25T00:18:47Z
1455137 T-Systems: Undisclosed Intermediate certificate NEW Bernd [ca-compliance] 2018-05-25T00:23:49Z
1455147 Camerfirma: Missing audit for Intermediate certificate NEW Juan Angel Martin [ca-compliance] 2018-05-06T14:59:57Z
1455150 DigiCert: Missing audits for Intermediate certificates NEW Ben Wilson [ca-compliance] 2018-05-21T20:38:39Z
1456655 ABB issues with DN, country code and keyUsage UNCONFIRMED Brenda Bernal [ca-compliance] 2018-05-25T20:56:27Z
1458038 DocuSign/Keynectis: Missing BR Self Assessment NEW Erwann Abalea [ca-compliance] 2018-05-23T18:43:58Z
1459557 SwissSign: Certificate issue with Signature UNCONFIRMED Reinhard Dietrich [ca-compliance] - Next Update - 01-August 2018 2018-05-25T08:20:50Z
1461391 Comodo: Misissuance using "CNAME CSR Hash 2" method of domain control validation ASSIGNED Rob Stradling [ca-compliance] 2018-05-24T19:47:37Z
1462423 NetLock: CN not in SAN UNCONFIRMED Varga Viktor [ca-compliance] 2018-05-17T23:18:19Z
1462797 E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString NEW Davut Tokgöz [ca-compliance] 2018-05-25T09:47:41Z
1462844 GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString NEW Daymion Reynolds [ca-compliance] 2018-05-25T22:00:28Z
1463975 [GRCA] Misissued certificates: Invalid commonName, commonName not in SAN NEW National Development Council [ca-compliance] 2018-05-25T00:00:35Z
1464286 Swisscom: Missing Audits for Unconstrained Intermediate Certificates ASSIGNED H-P Waldegger [ca-compliance] 2018-05-25T09:04:39Z

43 Total; 43 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: