CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open Incident Related Bugs

Investigation or Discussion

Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Resulting CA Action Items

The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1374381 SwissSign: BRs require full annual audits REOPENED Reinhard Dietrich [ca-compliance] 2018-07-13T10:16:10Z
1390988 Consorci AOC: Non-BR-Compliant Certificate Issuance NEW Francesc Ferrer [ca-compliance] - Next Update - 01-July 2018 2018-05-30T22:00:38Z
1390990 D-TRUST: Non-BR-Compliant Certificate Issuance NEW Arno Fiedler [ca-compliance] [remediation-accepted] Next Action: 2018-06-16 2018-02-27T14:26:53Z
1391063 QuoVadis: Non-BR-Compliant Certificate Issuance NEW Stephen Davidson [ca-compliance] [remediation-accepted] Next Update - 2018-06-30 2018-03-02T17:15:13Z
1391068 Taiwan-CA: Non-BR-Compliant Certificate Issuance NEW Robin Lin [ca-compliance] - Next Update - 15-May 2018 2018-06-07T00:56:36Z
1391074 T-Systems: Non-BR-Compliant Certificate Issuance NEW Lothar Eickholt [ca-compliance] 2018-06-28T11:01:10Z
1391087 Visa: Non-BR-Compliant Certificate Issuance NEW Marcelo B. Silva [ca-compliance] 2018-02-23T15:31:44Z
1397957 DigiCert / CTJ: Metadata in OU fields, Reserved IP Address NEW Jeremy Rowley [ca-compliance] - Next Update - 01-January 2019 2018-06-20T16:22:14Z
1398246 Consorci AOC: Non-BR-Compliant OCSP Responders REOPENED Francesc Ferrer [ca-compliance] 2018-06-06T12:24:46Z
1398247 DocuSign/Keynectis: Non-BR-Compliant OCSP Responders NEW Erwann Abalea [ca-compliance] 2018-07-16T11:07:39Z
1409766 Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2018-05-23T22:15:10Z
1417771 DigiCert: Symantec non-constrained/non-disclosed intermediates UNCONFIRMED Jeremy Rowley [ca-compliance] 2018-07-08T23:13:17Z
1420860 Asseco/Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2018-06-14T13:36:22Z
1425805 Consorci AOC: Insufficient Audit Statements UNCONFIRMED Francesc Ferrer [ca-compliance] - Next update 30-June-2018 2018-06-01T23:27:27Z
1428877 SwissSign: Invalid DNSName in SAN NEW Reinhard Dietrich [ca-compliance] 2018-05-31T08:53:03Z
1436173 Digicert: SCEE / Justica: Non-BR-Compliant Certificate Issuance NEW Ben Wilson [ca-compliance] - Next Update - 15-August 2018 2018-07-11T00:59:36Z
1443731 SwissSign: Cert issued with a to long validity period UNCONFIRMED Reinhard Dietrich [ca-compliance] - Next Update - 01-August 2018 2018-05-30T22:32:47Z
1444455 DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates NEW Erwann Abalea [ca-compliance] 2018-07-10T07:52:23Z
1446121 IdenTrust: Improper encoding of wildcard certificate NEW roots [ca-compliance] - Next Update - 01-October 2018 2018-04-10T16:30:02Z
1448986 Entrust - IP Address in dNSName form UNCONFIRMED Bruce Morton [ca-compliance] 2018-05-24T23:29:21Z
1451578 Distrust the WebTrust Audit of EY (HanYoung) South Korea and KPMG (Samjong) South Korea UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] - Government of Korea GPKI 2018-05-03T22:40:35Z
1451950 DigiCert: Intermediate Cert(s) not disclosed in CCADB NEW Ben Wilson [ca-compliance] 2018-06-20T16:23:17Z
1452671 SECOM: TSA Certs Issued from Root NEW Hisashi Kamo [ca-compliance] - Next Update - 01-October 2018 2018-05-01T17:21:50Z
1455119 Firmaprofesional: Undisclosed Intermediate certificate NEW chemalogo [ca-compliance] 2018-05-31T19:02:35Z
1455128 Certicamara: Undisclosed Intermediate certificates NEW Leonardo Maldonado [ca-compliance] 2018-05-25T00:14:34Z
1455132 SwissSign: Undisclosed Intermediate Certificates NEW Reinhard Dietrich [ca-compliance] 2018-07-15T17:35:41Z
1455137 T-Systems: Undisclosed Intermediate certificate NEW Bernd [ca-compliance] 2018-06-29T18:25:26Z
1455147 Camerfirma: Missing audit for Intermediate certificate NEW Juan Angel Martin [ca-compliance] 2018-07-02T17:53:02Z
1455150 DigiCert: Missing audits for Intermediate certificates NEW Ben Wilson [ca-compliance] 2018-07-02T20:03:54Z
1456655 ABB issues with DN, country code and keyUsage UNCONFIRMED Brenda Bernal [ca-compliance] - Next Update - 01-October 2018 2018-06-27T18:09:45Z
1458038 DocuSign/Keynectis: Missing BR Self Assessment NEW Erwann Abalea [ca-compliance] 2018-05-23T18:43:58Z
1459557 SwissSign: Certificate issue with Signature UNCONFIRMED Reinhard Dietrich [ca-compliance] - Next Update - 01-August 2018 2018-05-25T08:20:50Z
1461391 Comodo: Misissuance using "CNAME CSR Hash 2" method of domain control validation ASSIGNED Rob Stradling [ca-compliance] 2018-05-24T19:47:37Z
1462423 NetLock: CN not in SAN UNCONFIRMED Varga Viktor [ca-compliance] 2018-05-17T23:18:19Z
1462797 E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString NEW Davut Tokgöz [ca-compliance] 2018-06-13T20:42:19Z
1462844 GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString NEW Daymion Reynolds [ca-compliance] 2018-05-25T22:00:28Z
1463975 [GRCA] Misissued certificates: Invalid commonName, commonName not in SAN NEW National Development Council [ca-compliance] 2018-05-25T00:00:35Z
1464359 Incident Report: Firmaprofesional: Undisclosed Intermediate certificate SDS UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2018-05-31T19:02:35Z
1465600 [DigiCert] Invalid Country Code Issuance UNCONFIRMED Brenda Bernal [ca-compliance] 2018-07-05T17:26:52Z
1466252 Cybertrust Japan: three test websites not provided NEW Wayne Thayer [:wayne] [ca-compliance] 2018-07-06T10:11:13Z
1467110 OCSP responding good for non-issued certs by Consorci AOC root already solved UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2018-06-13T21:51:16Z
1468477 QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage NEW Stephen Davidson [ca-compliance] - Next Update - 01-July 2018 2018-06-29T16:17:53Z
1472052 Quovadis: Certificate containing Debian weak key NEW Stephen Davidson [ca-compliance] 2018-07-05T23:40:00Z
1473971 SwissSign: Domain validated certificate but with stateOrProvinceName UNCONFIRMED Reinhard Dietrich [ca-compliance] 2018-07-06T19:02:58Z
1475115 Telia: Qualified Audit Statements NEW pekka.lahtiharju [ca-compliance] 2018-07-12T00:51:39Z
1475563 GDCA: Misissuance of certificates with IP address UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2018-07-16T10:09:31Z

46 Total; 46 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: