CA/Closed Incidents
From MozillaWiki
< CA
Closed CA Compliance Bugs
A historical view of past overdue audit statements may be found here.
Below is a historical view of past CA compliance bugs. These bugs may have been valid and remedied by the CA, or may have been deemed invalid and closed as unnecessary.
All Other Issues
| Summary | ID | Status | Resolution | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|---|
| [meta] Bug for Tracking BR Compliance Issues | 1029147 | RESOLVED | WORKSFORME | Kathleen Wilson | [ca-compliance] -- tracking bug for BR Compliance issues | 2022-11-14T22:22:57Z |
| ACCV: Insufficient serial number entropy | 1536213 | RESOLVED | FIXED | Jose Amador | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: Certs issued with same issuer and serial number | 1405817 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: inaccurate value in stateOrProvinceName | 1648997 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] - Next Update - 1-October 2020 | 2022-11-14T22:22:57Z |
| Actalis: Incorrect OCSP Delegated Responder Certificate | 1649961 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: Insufficient serial number entropy | 1534295 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586787 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: Issuance of intermediates after 2020-08-20 that do not comply with Mozilla Policy and the Baseline Requirements | 1717357 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] Next update 2021-09-22 | 2022-11-14T22:22:57Z |
| Actalis: Non BR Compliant OCSP Responder | 1523680 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] | 2022-11-14T22:22:57Z |
| Actalis: Non-BR-Compliant Certificate Issuance | 1390974 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] | 2022-11-14T22:22:57Z |
| AlphaSSL/Globalsign: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420766 | RESOLVED | INVALID | Linus Hallberg | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon Trust Services: ALV Errors | 1713668 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] Next update 2021-07-01 | 2022-11-14T22:22:57Z |
| Amazon Trust Services: CP/CPS does not specify key compromise methods | 1713976 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6 | 1713978 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] Next update 2021-08-01 | 2022-11-14T22:22:57Z |
| Amazon Trust Services: Misissuance of Subordinate Per CPS | 1743935 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon Trust Services: Missing CAA Check For Test Website Certificates | 1746945 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon Trust Services: Overdue audit statements for intermediate certificates | 1757615 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-delay] | 2022-11-14T22:22:57Z |
| Amazon: CAA Misissuances | 1398428 | RESOLVED | FIXED | Peter Bowen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon: Failure to comply with RFC 5280 | 1521623 | RESOLVED | INVALID | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon: No Space In Private Organization | 1569266 | RESOLVED | FIXED | Dave Blunt | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon: Revoked Sample Certs - No SANs | 1574594 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Amazon: Test revoked certificates with invalid validity period | 1525710 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: CAs omitted from audit statement | 1724528 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: CRL issuance frequency deviates from CPS in some cases | 1772644 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: Empty SingleExtension in OCSP responses | 1669618 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: EV Certificate Approver Authorization | 1659316 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: EV TLS pre-certificates issued without EKU extension | 1777757 | RESOLVED | FIXED | certification_authority | [ca-compliance] Next update 2022-11-18 | 2022-11-26T18:18:29Z |
| Apple: OCSP availability 2020-11-12 | 1677234 | RESOLVED | FIXED | certification_authority | [ca-compliance] Next Update 2021-01-31 | 2022-11-14T22:22:57Z |
| Apple: OCSP responders return ‘unknown’ for valid S/MIME and TLS certificates | 1771398 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: OCSP responders return responses with incorrect issuer | 1588001 | RESOLVED | FIXED | certification_authority | [ca-compliance] - Next Update - 30-June 2020 | 2022-11-14T22:22:57Z |
| Apple: Patch Management | 1598829 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Apple: Test web page certificates expired | 1730291 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: CA certificates not listed in audit report | 1598277 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record | 1409766 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag | 1409764 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420860 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: commonName not from subjectAltName entries | 1550575 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Corrupted certificates | 1511459 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: CPS does not refer to BR domain validation methods | 1717034 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: EV certificate mis-issue | 1451228 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: EV Certificates issued with wrong Business Category | 1600301 | RESOLVED | FIXED | Aleksandra Kapinos | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Failure to provide a preliminary report within 24 hours. | 1667684 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Forward dating certificates (notBefore in the future) | 1718680 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate | 1567062 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Incorrect localityName | 1710206 | RESOLVED | INVALID | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Incorrect localityName | 1711208 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Incorrect OCSP response encoding | 1639502 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Invalid dnsNames | 1524195 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Invalid stateOrProvinceName field | 1667986 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Invalid stateOrProvinceName field (recurrent incident) | 1709392 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Invalid value in SAN dNSName | 1611458 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: IP in dnsName | 1524878 | RESOLVED | DUPLICATE | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: non-audited intermediate certificate | 1579299 | RESOLVED | INVALID | Aleksandra Kapinos | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys | 1435770 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Overdue Audit Statements 2019 | 1566586 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] Overdue Audits for root certs | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) | 1495518 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Use of forbidden subjectPublicKeyInfo algorithm | 1518560 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] | 2022-11-14T22:22:57Z |
| ATOS: Incorrect OCSP Delegated Responder Certificate | 1649963 | RESOLVED | FIXED | u636358 | [ca-compliance] | 2022-11-14T22:22:57Z |
| Atos: Insufficient Serial Number Entropy | 1540961 | RESOLVED | FIXED | u636358 | [ca-compliance] | 2022-11-14T22:22:57Z |
| Atos: Tracking bug for possible audit delays | 1626355 | RESOLVED | FIXED | u636358 | [ca-compliance][audit-delay][covid-19] Next Update 1-Oct-2020 | 2022-11-14T22:22:57Z |
| Buypass: Illegal Business Category in a PSD2 QWAC | 1632632 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Buypass: Insufficient Serial Number Entropy | 1539307 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Buypass: Intermediate certificates not listed in audit reports | 1595113 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs | 1626078 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Buypass: PSD2 QWAC with RSA modulus not divisible by 8 | 1654216 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] Next Update 30-Sept-2020 | 2022-11-14T22:22:57Z |
| Camerfirma: audit gap | 1583470 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: certificate for unregistered domain cuatis.net | 1672423 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Certificate issued with 3-year lifespan, unknown policy | 1686524 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: certificate with an incorrect OrganizationName | 1680083 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Certificates without CABForum OV Reserved Policy Identifier | 1685557 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Certs issued with same issuer and serial number | 1405815 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: certs with duplicate SANs and without localityName or stateOrProvinceName | 1357067 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant | 1688215 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: EV Certificates issued with wrong Business Category | 1600114 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA | 1672029 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: failure to revoke underscores | 1524871 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Govern d'Andorra Audit Delay | 1704140 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [audit-delay] | 2022-11-14T22:22:57Z |
| Camerfirma: Incorrect disclosure of Intesa Sanpaolo sub-CA | 1672562 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Incorrect OCSP Delegated Responder Certificate | 1649944 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Infocert misissued certificates | 1556806 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Intesa Sanpaolo misissued certificates | 1557085 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Invalid authorityKeyIdentifier - recurrent incident | 1623384 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Invalid stateOrProvinceName field | 1667430 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Missing audit for Intermediate certificate | 1455147 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: MULTICERT certificates with a validity period greater than 825 days | 1509002 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: MULTICERT Misissuance and missing audits | 1502957 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: MULTICERT organizationName Too Long | 1481862 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy | 1534429 | RESOLVED | FIXED | ca.forum | [ca-compliance] | 2022-11-14T22:22:57Z |
| CamerFirma: No disclosure of verification sources | 1688382 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Non-BR-Compliant Certificate Issuance | 1390977 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Non-BR-Compliant Issuance - DNSName is empty | 1443857 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Non-BR-Compliant Issuance - Non-printable characters in OU field | 1431164 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Non-BR-Compliant OCSP Responders | 1426233 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Old CAs with an RSA modulus size of 2047 bits | 1692533 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Outdated audit statements for intermediate certs | 1549861 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Potential Mis-Issuance based on CAA records | 1420871 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Qualified Audit Statements | 1478933 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: suspicious certificate for com.com | 1672409 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] | 2022-11-14T22:22:57Z |
| Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate | 1532333 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certainly: Root CRL validity period exceeds maximum by one second | 1732745 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certainly: Serving Expired OCSP Responses | 1771238 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] Next update 2022-07-31 | 2022-11-14T22:22:57Z |
| Certainly: TLS Using ALPN TLS Version and OID | 1752452 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certicamara: Failure to respond to September 2018 CA Survey | 1498409 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certicamara: Undisclosed Intermediate certificates | 1455128 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certigna : certificates issued with 2 SCT | 1709896 | RESOLVED | INVALID | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certigna: Issuance without respecting CAA records | 1485413 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certigna: Precertificate with a validity period greater than 398-days | 1774171 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: 174 certificates with unknown OCSP status | 1551390 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: certificate for test.com, O=Entreprise TEST | 1496088 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: certificates for an unregistered domain, with unknown OCSP status | 1544933 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: certificates with invalid DNS SAN | 1551357 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: certificates with space in dNSName SAN | 1539531 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB | 1386891 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: email address in DNS SAN | 1503128 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: invalid CDP extension | 1524451 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: invalid DNS names in SAN | 1524094 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Invalid SAN in a certificate | 1542793 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: invalid state and locality fields in subject | 1524103 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Invalid TLD in SAN | 1542328 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: misissued "test" certificates | 1524448 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Non-BR-Compliant Certificate Issuance | 1390978 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: O=POUR TEST in subject | 1524112 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Unqualified Domain Name in SAN | 1495524 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: Use of Domain Validation Method 3.2.2.4.5 after August 1, 2018 | 1547072 | RESOLVED | INVALID | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis: validity period >825 days | 1524449 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis/Docapost: Failure to respond to January 2018 survey | 1439126 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] | 2022-11-14T22:22:57Z |
| Certinomis/Docapost: Non-BR-Compliant OCSP Responders | 1425998 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: "Some-State" in stateOrProvinceName | 1551375 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: CPS specifies md5 and sha1WithRSAEncryption as useable signature types | 1718675 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: Incorrect data in stateOrProvinceName | 1763173 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client | 1674886 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: Non-BR-Compliant Certificate Issuance | 1390979 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [remediation-accepted] Next Update: 2017-10-01 | 2022-11-14T22:22:57Z |
| certSIGN: Non-BR-Compliant OCSP Responders | 1398243 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] | 2022-11-14T22:22:57Z |
| certSIGN: Subscriber precertificate without Certificate Policies | 1762707 | RESOLVED | FIXED | Valentin Necoara | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Internal iPAddress in certificate | 1524143 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: invalid dnsNames | 1524733 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Invalid TLD in SAN | 1532429 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Missed CPS update publication on website in 2018 | 1565494 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Precertificate with postalCode and streetAddress swapped | 1771482 | RESOLVED | FIXED | bixinlong | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Repeated unexplained delays in providing timely status updates | 1613409 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Wrong OrganizationName | 1608333 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] | 2022-11-14T22:22:57Z |
| CFCA: Wrong SerialNumber encoding | 1532559 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] | 2022-11-14T22:22:57Z |
| Chunghwa Telecom: Audit Letter Validation failures on intermediate certificates | 1614444 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] | 2022-11-14T22:22:57Z |
| Chunghwa Telecom: Test certificate with unregistered domain name | 1532436 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo CA issuing EV Certs without Higher Authority checks | 1501374 | RESOLVED | INVALID | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: CAA Mis-Issuance on basic test case | 1410834 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420858 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: CAA Misissuance | 1398545 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: CAA misissuances due to race condition | 1423624 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: Misissuance using "CNAME CSR Hash 2" method of domain control validation | 1461391 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: Non-BR-Compliant Certificate Issuance | 1390981 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo: Possible CAA Misissuance due against critical record | 1532313 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Comodo/cPanel: Potential Mis-Issuance based on CAA records (Sep 28, 2017) | 1420873 | RESOLVED | INVALID | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC : Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9 | 1590723 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC: EC-SECTORPUBLIC insufficient serial number entropy | 1538673 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC: Insufficient Audit Statements | 1425805 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC: Non-BR-Compliant Certificate Issuance | 1390988 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] - Next Update - 01-July 2018 | 2022-11-14T22:22:57Z |
| Consorci AOC: Non-BR-Compliant OCSP Responders | 1398246 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC: Problem reporting mechanism for Consorci AOC points to URL with invalid cert | 1428832 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Consorci AOC: Qualified audit statements | 1496616 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] CKA_NSS_SERVER_DISTRUST_AFTER | 2022-11-14T22:22:57Z |
| Cybertrust Japan: Root CRLs exceed maximum validity period by one second | 1737242 | RESOLVED | FIXED | Masaru Sakamoto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Cybertrust Japan: three test websites not provided | 1466252 | RESOLVED | FIXED | masahiro.shikutani | [ca-compliance] - Next update 19-Oct-2018 | 2022-11-14T22:22:57Z |
| D-TRUST: Certificate with RSA key where modulus is not divisible by 8 | 1691117 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: CRL not DER-encoded | 1793440 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: EV certificates with incorrectly used businessCategory entry | 1599561 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: incorrectly formatted businessCategory entry | 1567588 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: Issuance of non-conformant SSL certificate | 1610303 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] - Next Update - 2-Oct-2020 | 2022-11-14T22:22:57Z |
| D-TRUST: Non-BR-Compliant Certificate Issuance | 1390990 | RESOLVED | FIXED | Arno Fiedler | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: Precertificate OU > 64 Characters | 1563772 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: Private Key Disclosed by Customer as Part of CSR | 1682270 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-TRUST: syntax error in one tls certificate | 1509512 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| D-Trust: Wrong key usage (Key Agreement) | 1756122 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] Next update 2022-06-15 | 2022-11-14T22:22:57Z |
| D-TRUST: Wrong key usage (Key Encipherment) | 1647468 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] | 2022-11-14T22:22:57Z |
| DFN-PKI: Finding in 2020 ETSI audit | 1672208 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] | 2022-11-14T22:22:57Z |
| DFN-PKI: OCSP/CRL inconsistencies | 1786313 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] | 2022-11-14T22:22:57Z |
| Dhimyotis/Certigna: Certificates issued with validity periods greater than 398-days | 1667744 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z |
| Dhimyotis/Certigna: Intermediate Cert(s) not disclosed in CCADB | 1451949 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z |
| Dhimyotis/Certigna: Unconstrained CAs missing audits | 1614821 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / ABB: Issues with DN, country code and keyUsage | 1456655 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / CTJ: Metadata in OU fields, Reserved IP Address | 1397957 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / InfoCert: Insufficient Serial Number Entropy | 1397951 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Inteso San Paulo: Double dot characters | 1397969 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Justica: Invalid DNS names | 1397961 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] - Need updated audit statements for the subCA | 2022-11-14T22:22:57Z |
| DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate | 1647084 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Siemens: Insufficient Serial Number Entropy | 1397954 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Swiss Government: CommonName not in SANs | 1397965 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Telecom Italia: Several Problems | 1397960 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Terena: Metadata in OU fields | 1397958 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Verizon: Reserved/Intranet domain name | 1397968 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert / Wells Fargo: Invalid DNS names | 1397963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert OCSP services returns 1 byte | 1577014 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert Onion Certs | 1447192 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert Validation Scope Incident | 1556948 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: "Internet Widgits Pty Ltd" in organizationalUnitName | 1639032 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: "Some-State" in stateOrProvinceName | 1551363 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: & character in a printableString in ICA | 1593814 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: ABB greater than 825 day cert issuance | 1451446 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Apple: Non-compliant Common Name Length | 1556906 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Apple: Non-compliant Serial Numbers | 1533655 | RESOLVED | FIXED | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown" | 1582519 | RESOLVED | INVALID | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Apple: Unconstrained CAs not included in WTBR report | 1575125 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: CAA Checking Issue | 1550645 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Certificate Issues Identified on the Mailing List | 1389172 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: delayed publication of revocation information | 1640805 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: DigiCert issued cert with CN too long | 1353827 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Domain validation skipped | 1595921 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: ECCE 001 issuing certificates without subject alternative name extension | 1262610 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Entity not verified in organizationalUnitName | 1676003 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days | 1563573 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to find and revoke key-compromised certificates within 24 hours | 1693343 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to properly encode Subject name | 1618256 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to provide a preliminary report within 24 hours. | 1649277 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] Next Update 1-October-2020 | 2022-11-14T22:22:57Z |
| DigiCert: Failure to revoke invalid serialNumber EV certificates within 5 days | 1646866 | RESOLVED | INVALID | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: Failure to revoke key-compromised certificate | 1639802 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: Failure to revoke key-compromised certificates within 24 hours | 1639801 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to supervise ABB Subordinate CA | 1566162 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Good OCSP Responses for Revoked Intermediates | 1523676 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: improper domain validation | 1483715 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: in-addr.arpa Misissuance | 1531817 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Inconsistent EV audits | 1650910 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] - Next Update - 21-Sept-2020 | 2022-11-14T22:22:57Z |
| DigiCert: Incorrect OCSP Delegated Responder Certificate | 1649951 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Incorrect RegNumber-Org Type combination | 1714439 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Insufficient entropy in serial numbers | 1417777 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Intermediate Cert(s) not disclosed in CCADB | 1451950 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: Internal Domain Name cert mis-issuance | 1500621 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Invalid Country Code Issuance | 1465600 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Invalid localityName | 1710856 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Invalid stateOrProvinceName | 1710444 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: IP in dnsName | 1524875 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Issuance of Cert with Compromised Key | 1624527 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] Next Update - 1-June 2020 | 2022-11-14T22:22:57Z |
| DigiCert: Issuance of certs with weak keys (ROCA) | 1744795 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: JOI Issue | 1576013 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] Next Update - 1-Oct-2020 | 2022-11-14T22:22:57Z |
| Digicert: Key Size Not Divisible By 8 | 1653475 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: KPN Outdated Audit | 1539296 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Malformed ICA | 1654967 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Mis-issuance of certificate with https in CN/SAN | 1445857 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Missed Underscore Certificate Revocations | 1526154 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Missing audits for Intermediate certificates | 1455150 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: no subject alternative name in Siemens certs | 1017157 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Non-audited, non-technically-constrained intermediate certs | 1368176 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Non-BR Compliant Certificates - missing CP/CPS OID | 1339339 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Non-BR-Compliant OCSP Responders | 1398269 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] - Next Update - 30-April 2018 | 2022-11-14T22:22:57Z |
| DigiCert: OCSP NextUpdate | 1627152 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: OCSP responder returning invalid responses | 1662346 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] Next Update - 15-Oct 2020 | 2022-11-14T22:22:57Z |
| DigiCert: Org information issue in new validation workflow | 1794050 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: P-384,ecdsa-with-SHA512 Certificates | 1527423 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Private Keys Disclosed by Customers as Part of CSR | 1675684 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Revoked intermediate certificates not in CRL | 1548719 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: SCEE / Justica: Non-BR-Compliant Certificate Issuance | 1436173 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: SHA-1 intermediate issued after 2016-01-01 | 1684442 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: SHA-256 hash algorithm used with ECC P-384 key | 1664325 | RESOLVED | DUPLICATE | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Symantec non-constrained/non-disclosed intermediates | 1417771 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: TERENA: No localityName in EV precert | 1586604 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension | 1304895 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Truncation of Registration Number | 1727963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscore character certificates | 1515564 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Canadian Imperial Bank of Commerce | 1516561 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Citi | 1517617 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - CVS Pharmacy | 1515788 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] Next Update - 8-February 2019 | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Discover | 1516453 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Ericsson | 1516599 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Intuit | 1519572 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Underscores - Verizon | 1516545 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert: Undisclosed CAs -Federated Trust CA-1 | 1499585 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Unrevocation of BT Class 2 CA - G2 CA Certificate | 1442091 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Use of forbidden subjectPublicKeyInfo algorithm | 1518555 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Verizon CPS lacks problem reporting instructions | 1596931 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Verizon mis-issued test certificates | 1335132 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: Verizon: "Default City" in Subject:localityName | 1548716 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert: WTCA / WTBR Audit 2019 - Matters to be resolved | 1613505 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| Digicert/Symantec: EV JOI Issue | 1413761 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigiCert/Verizon: Qualified 2019 Audit Statements | 1573937 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z |
| DigitCert/Thawte: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420861 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| Disig: CPS does not refer to BR domain validation methods | 1717001 | RESOLVED | INVALID | Peter Miskovic | [ca-compliance] | 2022-11-14T22:22:57Z |
| Disig: Failure to provide a preliminary report within 24 hours. | 1670458 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] | 2022-11-14T22:22:57Z |
| Disig: Non-BR-Compliant Certificate Issuance | 1390991 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [remediation-accepted] Next Update - 2017-10 | 2022-11-14T22:22:57Z |
| Disig: Non-BR-Compliant OCSP Responders | 1398242 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] | 2022-11-14T22:22:57Z |
| Distrust the WebTrust Audit of EY (HanYoung) South Korea and KPMG (Samjong) South Korea | 1451578 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] - Government of Korea GPKI | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Missing BR Self Assessment | 1458038 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance | 1390994 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Non-BR-Compliant OCSP Responders | 1398247 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates | 1444455 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Outdated audit statements for Class 2 Primary CA | 1447497 | RESOLVED | WORKSFORME | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| DocuSign/Keynectis: Undisclosed Intermediate certificate | 1497700 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z |
| DSV-Gruppe: Failure to respond to January 2018 survey | 1439129 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: audit delay because of an environmental disaster/pandemic | 1659426 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance][audit-delay][covid-19] | 2022-11-14T22:22:57Z |
| E-Tugra: CA Certificate Missing from Audit Reports | 1716843 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] Next update 2022-02-16 | 2022-11-14T22:22:57Z |
| E-Tugra: commonName not in SAN | 1687139 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] Next Update 2021-03-05 | 2022-11-14T22:22:57Z |
| E-Tugra: Delayed Response of Revocation Request | 1687513 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Failure to respond to January 2018 survey | 1439128 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tuğra: Failure to Respond to May 2022 Survey | 1772414 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6 | 1716902 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462797 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Insufficient serial number entropy | 1542302 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] - Next Update | 2022-11-14T22:22:57Z |
| E-Tugra: Intermittent OCSP response with status 'Unknown' | 1687330 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Invalid DER results in failure to comply with RFC 5280 - Violating string length limit | 1582601 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| E-Tugra: Validity period > 825 days | 1449371 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] | 2022-11-14T22:22:57Z |
| EDICOM: Signing SHA-1 OCSP responses with unconstrained certificate | 1397830 | RESOLVED | FIXED | Raúl Santisteban | [ca-compliance] | 2022-11-14T22:22:57Z |
| emSign: Audit Delay | 1728790 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance][audit-delay][covid-19] | 2022-11-14T22:22:57Z |
| eMudhra emSign CA: Invalid AIA Extension Value | 1763700 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] | 2022-11-14T22:22:57Z |
| eMudhra emSign CA: Invalid OrganizationalUnitName | 1745015 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] | 2022-11-14T22:22:57Z |
| eMudhra: emSign CA ECC Test Certificate Misissuance | 1665688 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] | 2022-11-14T22:22:57Z |
| eMudhra: Failure to Respond to May 2022 Survey | 1772413 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue | 1536287 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Certificate issued with '-' in ST field | 1512018 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Certificate Issued with Incorrect Country Code | 1559376 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Certificate issued with validity greater than 825-days | 1561013 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: CRLs and OCSP responses not issued as specified in the CPS | 1737057 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization" | 1599484 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Failure to provide a preliminary report within 24 hours. | 1667690 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Incorrect Business Category Value Discovered in an EV SSL Certificate | 1685370 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Incorrect Jurisdiction Country Value in an EV Certificate | 1696227 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] Next update 2021-06-01 | 2022-11-14T22:22:57Z |
| Entrust: Incorrect keyUsage for ECC certificate | 1667448 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Incorrect value in Business Category field for Government Entities | 1728796 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] Next update 2021-12-15 | 2022-11-14T22:22:57Z |
| Entrust: Invalid data in commonName fields | 1675295 | RESOLVED | INVALID | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Invalid data in State/Province Field | 1658792 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] Next Update 2021-04-01 | 2022-11-14T22:22:57Z |
| Entrust: Invalid localityName | 1712106 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] Next update 2021-12-15 | 2022-11-14T22:22:57Z |
| Entrust: IP Address in dNSName form | 1448986 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: IP in dnsName | 1524876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Issued Certificates to incorrect Organization | 1535735 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Late mis-issue certificate revocation | 1520876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Late revocation of underscore certificate | 1521520 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Non-BR-Compliant Certificate Issuance | 1390996 | RESOLVED | FIXED | Kirk Hall | [ca-compliance] [remediation-accepted] Next Update - 2017-11 | 2022-11-14T22:22:57Z |
| Entrust: Non-BR-Compliant OCSP Responder | 1428891 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Outdated audit statement for intermediate cert | 1549862 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Printable String Constraint Failure | 1635096 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] Next Update 21-Sept-2020 | 2022-11-14T22:22:57Z |
| Entrust: Question marks in certificate O and L fields | 1552562 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: S/MIME Certificate Issued with Incorrect Policy OID | 1627346 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] - Next Update - 1-June 2020 | 2022-11-14T22:22:57Z |
| Entrust: SHA-1 Issuance and other misissuance while testing | 1567659 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: SSL Certificates issued with Un-verified IP Addresses | 1744827 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] Next update 2022-01-17 | 2022-11-14T22:22:57Z |
| Entrust: Subscriber provides private key with CSR | 1673119 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: Test Website Certificates Expired | 1731887 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z |
| Entrust: TLS Certificate issued with a key that is impacted by the Close Primes vulnerability | 1766525 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] Next update 2022-10-01 | 2022-11-14T22:22:57Z |
| Firmaprofesional / SIGNE: No BR Audit for subCA technically capable of issuing TLS certs | 1586115 | RESOLVED | FIXED | chemalogo | [ca-compliance] - Missing BR Audit | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2019 audit Finding #1 - 6.2 Identification and Authorization | 1610448 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls | 1612929 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2019 Audit Report Findings | 1606380 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2020 Audit Report Finding 1 out of 4 | 1649502 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2020 Audit Report Finding 2 out of 4 | 1649679 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2020 Audit Report Finding 3 out of 4 | 1649724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2020 Audit Report Finding 4 out of 4 | 1649726 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2021 Audit Report Finding 1 out of 3 | 1717790 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2021 Audit Report Finding 2 out of 3 | 1717791 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2021 Audit Report Finding 3 out of 3 | 1717795 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL | 1771724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2022 - Define Device Obsolescence Process | 1771727 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2022 - SSL certificates issued with wrong Organization ID number | 1769240 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2022 - StateorProvince field | 1771715 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: 2022 - Title field | 1771722 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy | 1538638 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Incorrect OCSP Delegated Responder Certificate | 1649943 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates | 1700145 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Insufficient Audit Statements | 1412950 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Missing BR Self Assessment | 1458064 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Non-audited, non-technically-constrained intermediate certs | 1368171 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Non-BR-Compliant OCSP Responders | 1398240 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Undisclosed Intermediate certificate | 1455119 | RESOLVED | FIXED | chemalogo | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Undisclosed Intermediate certificate SDS | 1464359 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Firmaprofesional: Undisclosed Intermediate certificate SIGNE | 1464335 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| FNMT: Invalid localityName | 1744722 | RESOLVED | FIXED | alain | [ca-compliance] Next update 2022-02-28 | 2022-11-14T22:22:57Z |
| FNMT: Issuance of QCP-n certificates without verifying identity | 1693304 | RESOLVED | FIXED | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| FNMT: Minor non-conformities in 2020 audit statement | 1626805 | RESOLVED | FIXED | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| FNMT: Minor non-conformities in 2021 audit statement | 1704199 | RESOLVED | FIXED | Brox | [ca-compliance] | 2022-11-14T22:22:57Z |
| FNMT: Missisuance of web site certificates without CA/Browser Forum’s reserved policy OID | 1696872 | RESOLVED | FIXED | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| GDCA: Authentication of Organization Identity Failure for an OV Certificate | 1546253 | RESOLVED | FIXED | capoc | [ca-compliance] | 2022-11-14T22:22:57Z |
| GDCA: CRL validity period exceeds allowed value by one second | 1738191 | RESOLVED | FIXED | capoc | [ca-compliance] | 2022-11-14T22:22:57Z |
| GDCA: Insufficient Serial Number Entropy | 1536831 | RESOLVED | FIXED | capoc | [ca-compliance] | 2022-11-14T22:22:57Z |
| GDCA: Misissuance of certificates with IP address | 1475563 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| GDCA: Misissuance of certificates with small RSA keys | 1467414 | RESOLVED | FIXED | capoc | [ca-compliance] - Next Update - 20-June 2018 | 2022-11-14T22:22:57Z |
| GDCA:Incorrect Value in organizationName Field | 1662382 | RESOLVED | FIXED | capoc | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign - Wrong business category (Non Commercial Entity when should have been Private Organization) | 1599775 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: 4 Misissued certificates with invalid CN | 1552586 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: AT&T Insufficient Serial Number Entropy | 1535873 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: AT&T SSL certificates without the AIA extension | 1547691 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Certificate issued to FQDN with malformed CAA | 1759854 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Certificate issued with RSASSA-PSS public key | 1630870 | RESOLVED | FIXED | Paul Brown | [ca-compliance] Next update - 30-June, 2020 | 2022-11-14T22:22:57Z |
| GlobalSign: Certificates with RSA keys where modulus is not divisible by 8 | 1654896 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: CRL contains invalid signature algorithm | 1793441 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Cross Certificate with non-conforming CABF Policy OIDs | 1650018 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Empty SingleExtension in OCSP responses | 1667944 | RESOLVED | FIXED | Paul Brown | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: EV certificate with wildcard domain in common name and SAN | 1782391 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: EV certificates with serialNumber Government Entity and businessCategory Private Organization | 1744518 | RESOLVED | FIXED | Paul Brown | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Failure to provide a preliminary report within 24 hours | 1668005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| Globalsign: Failure to revoke key-compromised certificate within 24 hours | 1639799 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] Next Update - 12-June 2020 | 2022-11-14T22:22:57Z |
| GlobalSign: Incorrect Jurisdiction of Incorporation information for Japan | 1658932 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] Next Update - 1-Oct-2020 | 2022-11-14T22:22:57Z |
| GlobalSign: Incorrect OCSP Delegated Responder Certificate | 1649937 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] Next Update 2022-01-31 | 2022-11-14T22:22:57Z |
| GlobalSign: Incorrect RegNumber-Org Type combination | 1714968 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Invalid countryName | 1707073 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] Next update 2021-08-12 | 2022-11-14T22:22:57Z |
| GlobalSign: Invalid stateOrProvinceName and locality pair | 1708834 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| GlobalSign: Invalid stateOrProvinceName value | 1668007 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: IP in dnsName | 1524877 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Misissuance of QWAC Certificates | 1623356 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields | 1390997 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [remediation-accepted] | 2022-11-14T22:22:57Z |
| GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName | 1393555 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits | 1393557 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: OCSP responder certificates with more than 64 characters in CN | 1760311 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: OCSP Responder Returns invalid values for Some Precertificates | 1579413 | RESOLVED | INVALID | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1605372 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: OCSP Status HTTP 530 | 1622505 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31 | 1690807 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: SHA-256 hash algorithm used with ECC P-384 key | 1664328 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] Next Update 2021-03-05 | 2022-11-14T22:22:57Z |
| GlobalSign: SPKI lacks explicit NULL parameter, | 1554259 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: SSL Certificates with US country code and invalid State/Prov | 1575880 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] - Next Update 2021-01-15 | 2022-11-14T22:22:57Z |
| GlobalSign: Use of Domain Validation Random Value for more than 30 days | 1654544 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] | 2022-11-14T22:22:57Z |
| GlobalSign: Virginia Tech Insufficient Serial Number Entropy | 1536760 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z |
| GLOBALTRUST: CN domain not in SAN | 1716123 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] Next update 2021-09-20 | 2022-11-14T22:22:57Z |
| GLOBALTRUST: Revoked test website not using revoked certificate | 1716163 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Document Reuse Issue | 1646226 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Agreed-Upon Website Domain Validation Issue | 1647030 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Certificate Problem Report responses greater than 24 hours | 1734953 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Certificates issued with validity periods greater than 398-days | 1662807 | RESOLVED | FIXED | Joanna | [ca-compliance] Next Update 2021-01-11 | 2022-11-14T22:22:57Z |
| GoDaddy: cross certificate disclosure to CCADB | 1572234 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Domain Validation Reuse Issue | 1605804 | RESOLVED | FIXED | Joanna | [ca-compliance] - Next Update - 1-June 2020 | 2022-11-14T22:22:57Z |
| GoDaddy: DV certificates with organizationalUnit field in subject | 1662810 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Expired CRLs | 1645832 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] Next Update - 2021-01-01 | 2022-11-14T22:22:57Z |
| GoDaddy: Failure to respond to January 2018 survey | 1439123 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Failure to revoke certificate with compromised key within 24 hours | 1640310 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Failure to revoke key-compromised certificates within 24 hours | 1639798 | RESOLVED | DUPLICATE | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: failure to revoke underscores | 1524815 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462844 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: improperly encoded certificate issued by Go Daddy Secure Certification Authority | 988633 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: inconsistent disclosure of externally-operated intermediate | 1567061 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Insufficient serial number entropy | 1533774 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Issued EV Wildcard Certificate | 1731939 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] Next update 2021-11-01 | 2022-11-14T22:22:57Z |
| GoDaddy: Issues with State and Country fields | 1577913 | RESOLVED | FIXED | Joanna | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Misissuance of Cross Signed Certs | 1777128 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] Next update 2022-08-26 | 2022-11-14T22:22:57Z |
| GoDaddy: Non-BR-Compliant Certificate Issuance | 1391429 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [remediation-accepted] Next Update - 2017-11-30 | 2022-11-14T22:22:57Z |
| GoDaddy: OV Documentation Reuse | 1759959 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] Next update 2022-06-30 | 2022-11-14T22:22:57Z |
| GoDaddy: Random Value Vulnerability in Domain Validation | 1484766 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Reported TLS Certificate Private Key Exposure | 1742602 | RESOLVED | DUPLICATE | Brittany Randall | [ca-compliance] | 2022-11-14T22:22:57Z |
| GoDaddy: Root CRLs exceed maximum validity period by 1 second | 1734265 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: 63 bit serial numbers in some certificates | 1532842 | RESOLVED | FIXED | ryan_hurst | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Certificates not disclosed in CCADB | 1667844 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3 | 1581183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: CRL validity period set to expected value plus one second | 1731164 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Delayed publication of CPS removing DNS Operator Exception | 1729097 | RESOLVED | FIXED | Brett L | [ca-compliance] Next update 2021-09-24 | 2022-11-14T22:22:57Z |
| Google Trust Services: digitalSignature KeyUsage not set | 1652581 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Failure to provide preliminary report within 24h | 1770510 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Failure to provide regular and timely incident updates | 1708516 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Failure to send preliminary report to subscriber within 24h | 1783272 | RESOLVED | FIXED | kyleomalley | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10 | 1706967 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Improper OCSP response for intermediate certificate | 1522975 | RESOLVED | FIXED | kluge | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Incorrect OCSP response for issued certificate | 1758372 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Incorrect OCSP responses for certain certificates | 1773556 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4 | 1634795 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses | 1678183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: invalid CRL reason code | 1793467 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| google Trust Services: invalid curve-hash combination | 1612389 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Invalid OCSP responses | 1630079 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: OCSP responses not published in a timely manner | 1771552 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: OCSP serving issue 2020-04-09 | 1630040 | RESOLVED | FIXED | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Out-of-date CPS disclosure | 1706976 | RESOLVED | INVALID | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Signing SHA-1 Hash for existing CA certificate with changes in Key Usage | 1709223 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] | 2022-11-14T22:22:57Z |
| Google Trust Services: Tracking bug for possible audit delays (audit due 2020-12) | 1625498 | RESOLVED | INVALID | kluge | [ca-compliance] [audit-delay] [covid-19] | 2022-11-14T22:22:57Z |
| Government of Spain (ACCV): Late Audit Statement | 1507862 | RESOLVED | FIXED | Jose Amador | [ca-compliance] | 2022-11-14T22:22:57Z |
| Government of Spain (ACCV): Missing BR Self Assessment | 1458042 | RESOLVED | FIXED | Jose Amador | [ca-compliance] | 2022-11-14T22:22:57Z |
| Government of Spain FNMT: CP/CPS lack CAA processing details | 1596949 | RESOLVED | FIXED | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| Government of Spain FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. | 1544586 | RESOLVED | FIXED | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| Government of Spain FNMT: OU exceeds 64 characters | 1495507 | RESOLVED | FIXED | Rafa Medina | [ca-compliance] Next Update - 1-February 2019 | 2022-11-14T22:22:57Z |
| Government of Spain FNMT: QC Statement that contains at least one of the ETSI ESI statements | 1625421 | RESOLVED | INVALID | alain | [ca-compliance] | 2022-11-14T22:22:57Z |
| GRCA: Audit Letter Validation failures on intermediate certificates | 1614448 | RESOLVED | FIXED | National Development Council | [ca-compliance] | 2022-11-14T22:22:57Z |
| GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions | 1523221 | RESOLVED | FIXED | National Development Council | [ca-compliance] | 2022-11-14T22:22:57Z |
| GRCA: Misissued certificates: Invalid commonName, commonName not in SAN | 1463975 | RESOLVED | FIXED | National Development Council | [ca-compliance] Next Update 1-October 2020 CKA_NSS_SERVER_DISTRUST_AFTER | 2022-11-14T22:22:57Z |
| GRCA: Signing SHA-1 OCSP responses with unconstrained certificate | 1397832 | RESOLVED | FIXED | National Development Council | [ca-compliance] | 2022-11-14T22:22:57Z |
| HARICA: 3 EV TLS Certificates without L or ST | 1597135 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| HARICA: Certificates with invalid policy tree | 1699796 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| HARICA: Incorrect OCSP Delegated Responder Certificate | 1649945 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] Next update 2020-11-18 | 2022-11-14T22:22:57Z |
| HARICA: Insufficient serial number entropy | 1535509 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1580393 | RESOLVED | INVALID | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| Harica: P-384,ecdsa-with-SHA256 Certificates | 1530971 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates | 1535772 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z |
| Hongkong Post / Certizen: Failure to report misissuance | 1520299 | RESOLVED | FIXED | Man Ho | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust - Intermittent issuance/validation failures and website outage | 1778788 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust - Missing Revocation Reasons in CRL | 1794047 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust / ISRG: Inconsistent Disclosure of Externally-Operated Intermediate | 1671410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust Expired CRLs | 1792111 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Intermittent interruptions to DNS service | 1734906 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: : CRL Potential Publication Delay due to Cache | 1775454 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Certificates with Invalid values for stateOrProvinceName | 1718552 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| Identrust: Discrepancy in values of address fields within CN of SSL Certificates | 1526099 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: EV TLS certificate with invalid Jurisdiction state for government entity | 1756261 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: EV TLS certificate with wrong jurisdiction state for private organization | 1756850 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| Identrust: Failure to disclose Unconstrained intermediate Within 7 Days | 1542082 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Failure to provide OCSP responses for valid ICA certificates | 1758213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Improper encoding of wildcard certificate | 1446121 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| Identrust: Incorrect Subject Details for HydrantId | 1635279 | RESOLVED | FIXED | IdenTrust | [ca-compliance] - Next Update - 1-October 2020 | 2022-11-14T22:22:57Z |
| Identrust: Internal names / failure to report | 1500593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Invalid OCSP Response Held in Cache | 1678410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Issuance of certificates greater than 398 days | 1663080 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days | 1744627 | RESOLVED | FIXED | IdenTrust | [ca-compliance] Next update 2022-01-17 | 2022-11-14T22:22:57Z |
| Identrust: Issuance of Subordinate CA’s Without EKU | 1669594 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Mis-Issued EV Certificates | 1734917 | RESOLVED | FIXED | IdenTrust | [ca-compliance] Next update 2022-01-22 | 2022-11-14T22:22:57Z |
| IdenTrust: Missing Thumbprints In Some Annual Audit Reports | 1588213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Non-BR-Compliant Certificate Issuance | 1391000 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Non-BR-Compliant OCSP Responders | 1398255 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: OCSP Outage | 1636544 | RESOLVED | FIXED | IdenTrust | [ca-compliance] Next Update - 30-July 2020 | 2022-11-14T22:22:57Z |
| IdenTrust: OCSP Responder missing id-pkix-ocsp-nocheck | 1653680 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: OCSP responses for subordinate CA exceed the validity period per CPS guidelines | 1772633 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: OCSP Signer Certificate Missing No-Check Extension | 1749089 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Pre-certificates without a final certificate showing OCSP error | 1758027 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Service Degradation | 1677239 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Unavailable CRL and OCSP Responders | 1754593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| IdenTrust: Unavailable CRL for IdenTrust ‘DST Root CA X3’. | 1709192 | RESOLVED | FIXED | IdenTrust | [ca-compliance] Next update 2021-07-01 | 2022-11-14T22:22:57Z |
| IdenTrust: Validation Source for EV Certificates not Publicly Disclosed | 1753287 | RESOLVED | FIXED | IdenTrust | [ca-compliance] | 2022-11-14T22:22:57Z |
| Invalid country field for Camerfirma root CA certificates | 1468000 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| IP certificate issued with Domain Validation | 1550547 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| iTrusChina: Failure to Respond to May 2022 Survey | 1772412 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] | 2022-11-14T22:22:57Z |
| iTrusChina: verification errors for the roots' CRLs(ARL) | 1712664 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: CA certificates not listed in audit report | 1596744 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: certificate issued to internal domain | 1651026 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] Next Update 2020-12-01 | 2022-11-14T22:22:57Z |
| Izenpe: Certificates not disclosed in CCADB | 1667846 | RESOLVED | INVALID | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: CRL and ARL exceed validity period value by one second | 1738421 | RESOLVED | FIXED | David | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: EV certificate with various issues | 1267049 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: Failure to provide a preliminary report within 24 hours. | 1647121 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: incorrect value in stateOrProvinceName | 1653284 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] Next Update 2020-12-01 | 2022-11-14T22:22:57Z |
| Izenpe: Multiple invalid EV certificates issued | 1559765 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] - Next Update - 9-October 2020 | 2022-11-14T22:22:57Z |
| Izenpe: Multiple sub CAs with incorrectly encoded SubjectPublicKeyInfo algorithm | 1685767 | RESOLVED | DUPLICATE | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: Non-BR-Compliant Certificate Issuance | 1391054 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: Non-BR-Compliant OCSP Responders | 1398258 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Izenpe: OU > 64 characters | 1528290 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z |
| Kamu SM: "Some-State" in stateOrProvinceName | 1551369 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] | 2022-11-14T22:22:57Z |
| Kamu SM: Insufficient Serial Number Entropy | 1539190 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] | 2022-11-14T22:22:57Z |
| Kamu SM: Non-BR-Compliant Certificate Issuance | 1390998 | RESOLVED | FIXED | Tuğba ÖZCAN | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: Certificates issued greater than stated in CPS | 1708965 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: Certificates issued with multiple BR violations | 1495497 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: CN domain not in SAN | 1705187 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains | 1705904 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName | 1705832 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown | 1705337 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: Invalid organizationName | 1705647 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] Next update 2022-01-22 | 2022-11-14T22:22:57Z |
| KIR S.A.: Many certificates with OCSP Unknown | 1705657 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days | 1523186 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| KIR S.A.: O > 64 characters | 1532112 | RESOLVED | DUPLICATE | Piotr Grabowski | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt intent to issue root and intermediate certificates with organizationName and CABF DV OID | 1658437 | RESOLVED | WORKSFORME | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines | 1666047 | RESOLVED | FIXED | Kiel C | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: CAA Misissuances | 1398427 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: CAA Rechecking bug | 1619047 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] Next Update - 14-August 2020 | 2022-11-14T22:22:57Z |
| Let's Encrypt: Case-sensitive CAA tag processing | 1462735 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: certificate lifetimes 90 days plus one second | 1715455 | RESOLVED | FIXED | Josh Aas | [ca-compliance] Next update 2021-11-12 | 2022-11-14T22:22:57Z |
| Let's Encrypt: Delay updating OCSP responses | 1729567 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| Let's Encrypt: Expired ISRG Root OCSP X1 Certificate | 1645276 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to audit log subscriber certificate OCSP updates | 1684112 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to provide OCSP Responses for some certificates | 1753123 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours | 1639794 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1627614 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Improper encoding of wildcard certificates | 1446080 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Incomplete and Inconsistent CRLs | 1793114 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] | 2022-11-26T18:18:16Z |
| Let's Encrypt: Mis-issued certificates related to SC48v2 | 1735247 | RESOLVED | FIXED | Jillian | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Non-BR-Compliant Certificate Issuance | 1391867 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: OCSP "unauthorized" responses | 1486650 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1577652 | RESOLVED | INVALID | Jacob Hoffman-Andrews | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: OCSP responses with no revocationReason | 1648840 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let's Encrypt: TLS Using ALPN TLS Version and OID | 1751984 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] Next update 2022-03-11 | 2022-11-14T22:22:57Z |
| Let’s Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions | 1576789 | RESOLVED | FIXED | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let’s Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys | 1789521 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] | 2022-11-14T22:22:57Z |
| Let’s Encrypt: TLS Using ALPN Allows Additional Identifiers in Challenge Certificate | 1752670 | RESOLVED | FIXED | Jillian | [ca-compliance] Next update 2022-03-11 | 2022-11-14T22:22:57Z |
| LuxTrust: Outdated audit statement for intermediate cert | 1578505 | RESOLVED | FIXED | ca | [ca-compliance] - Overdue Audit for intermediate cert | 2022-11-14T22:22:57Z |
| LuxTrust: Overdue Audit Statements 2019 | 1566580 | RESOLVED | WORKSFORME | Yves Nullens | [ca-compliance] Overdue Audits for root certs | 2022-11-14T22:22:57Z |
| Microsec e-Szigno: Certificate validity period greater than 398 days | 1676352 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] Next update 2021-05-01 | 2022-11-14T22:22:57Z |
| Microsec e-Szigno: Non-BR-Compliant Certificate Issuance | 1391055 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsec: Audit Letter Validation Failures | 1625767 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] - Next Update - 1-June 2020 | 2022-11-14T22:22:57Z |
| Microsec: Incorrect OCSP Delegated Responder Certificate | 1649947 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields | 1622539 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] Next Update 15-July 2020 | 2022-11-14T22:22:57Z |
| Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment | 1728384 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsec: Validity period greater than 825 days | 1512270 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft DSRE PKI: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1620727 | RESOLVED | DUPLICATE | Dustin Hollenback | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft DSRE PKI: problem reporting e-mail in CPS does not work | 1604124 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services, Malformed ICAs (Key Usage Malformed) | 1718991 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Certificate Mis-Issuance, DNSName is not FQDN, Preferred Name Syntax | 1706860 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD | 1670337 | RESOLVED | FIXED | John Mason | [ca-compliance] Next Update 2021-04-19 | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: DV certificate issued with OV fields | 1674561 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] Next update 2021-05-01 | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Failure to disclose Revocation of Intermediate CAs within 7 Days | 1742195 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days | 1700809 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions) | 1711147 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Overdue Audit Reports 2021 | 1724530 | RESOLVED | FIXED | mohanr | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Policy Documentation, Failure to update Domain Validation Method | 1693932 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period | 1693930 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft PKI Services: Underscore in SAN | 1705419 | RESOLVED | FIXED | John Mason | [ca-compliance] Next update 2021-09-15 | 2022-11-14T22:22:57Z |
| Microsoft: "unknown" OCSP response for issued certificates | 1793443 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft: Certificate Mis-Issuance, Locality Missing | 1644936 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft: Firewall log data retention | 1658995 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] Next Update - 21-Sept-2020 | 2022-11-14T22:22:57Z |
| Microsoft: Incomplete Logical Access Review Audit Evidence | 1652827 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] Next Update - 21-September 2020 | 2022-11-14T22:22:57Z |
| Microsoft: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586847 | RESOLVED | FIXED | Jason Cooper | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft: Loss of Archived Firewall logs from Retention Store | 1602999 | RESOLVED | FIXED | mohanr | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft: Null Character Bug and Microsoft Root CAs | 1598390 | RESOLVED | FIXED | Julio Montano | [ca-compliance] | 2022-11-14T22:22:57Z |
| Microsoft: Unrevoked 4 intermediate certificates | 1740585 | RESOLVED | FIXED | John Mason | [ca-compliance] | 2022-11-14T22:22:57Z |
| Multicert: AIA CA Issuer field pointing to PEM encoded cert | 1637093 | RESOLVED | FIXED | ca.forum | [ca-compliance] | 2022-11-14T22:22:57Z |
| NAVER Cloud: Failure to Respond to May 2022 Survey | 1772411 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] | 2022-11-14T22:22:57Z |
| Netlock: CA Certificate Missing from Audit Reports | 1716874 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] | 2022-11-14T22:22:57Z |
| NetLock: CN not in SAN | 1462423 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| Netlock: Cumulative report connected to EV verification | 1676440 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| Netlock: Failure to provide regular and timely incident updates | 1572992 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| NetLock: Issuance of >398-day precertificates after 2020-09-01 | 1676367 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586795 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] Next Update 2020-12-01 | 2022-11-14T22:22:57Z |
| NetLock: Non-BR-Compliant Certificate Issuance | 1391056 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName | 1401211 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] | 2022-11-14T22:22:57Z |
| Netlock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit | 1680378 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] | 2022-11-14T22:22:57Z |
| Network Solutions: Audit report delay | 1649507 | RESOLVED | FIXED | Roy Dykes | [ca-compliance] [audit-delay] | 2022-11-14T22:22:57Z |
| Network Solutions: 2021 Audit Findings 1-3 | 1725047 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| Network Solutions: 2021 Audit Observation #1 | 1725039 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| Network Solutions: 2021 Audit Observation #2 | 1725041 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| Network Solutions: 2021 Audit Observation #3 | 1725043 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| Network Solutions: All test CA test website certificates are expired | 1726333 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| OCSP responding good for non-issued certs by Consorci AOC root already solved | 1467110 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIOverheid / QuoVadis: CPS inconsistencies | 1650234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] Next update 7-Aug 2020 | 2022-11-14T22:22:57Z |
| PKIoverheid: (KPN) Incorrect Subject OrganizationName | 1746421 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: CIBG insufficient serial number entropy | 1573490 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: Compliance issues CIBG TLS certificates | 1578809 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: Incorrect OCSP Delegated Responder Certificate | 1649964 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] Next Update 2021-01-25 | 2022-11-14T22:22:57Z |
| PKIoverheid: KPN CPS lacks problem reporting instructions | 1596923 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6 | 1719451 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| PKIoverheid: KPN Insufficient Serial Number Entropy | 1535871 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: KPN issued Invalid organizationalUnitName | 1706950 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: Missing audit statement "UZI-register Medewerker Niet op Naam CA G21" | 1609706 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: Missing WTBR audit statements Staat der Nederlanden 2017/2018 | 1605126 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: No BR Audit for subCAs technically capable of issuing TLS certs | 1586125 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: Overdue audit statements for intermediate certificates | 1669518 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| PKIoverheid: TSP CPS lacks problem reporting instructions | 1610507 | RESOLVED | DUPLICATE | Jorik van 't Hof | [ca-compliance] | 2022-11-14T22:22:57Z |
| Problem with NETLOCK's codesigning CA | 1734114 | RESOLVED | INVALID | Anna Bányai | [ca-compliance] | 2022-11-14T22:22:57Z |
| PROCERT: Non-BR-Compliant Certificate Issuance | 1391058 | RESOLVED | DUPLICATE | Procert | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage | 1468477 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis / Siemens: Insufficient serial number entropy | 1534535 | RESOLVED | FIXED | Rufus Buschart | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: BR Error - san dns name starts with period | 1521950 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: EV serialNumber with "none" | 1645708 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Incorrect EV businessCategory | 1593357 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: IPaddress in DNSname SAN | 1530623 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: LLB insufficient Serial Number Entropy | 1540315 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: N/A in EV serialNumber field | 1576283 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: OCSP handling of Certificate Transparency Pre-certs | 1579950 | RESOLVED | INVALID | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Quovadis: Certificate containing Debian weak key | 1472052 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: DarkMatter Insufficient Serial Number Entropy | 1531800 | RESOLVED | FIXED | Scott Rea | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: EV JOI Issue | 1581234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Failure to provide a preliminary report within 24 hours | 1762456 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Failure to provide a preliminary report within 24 hours. | 1649880 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] Next Update 1-October 2020 | 2022-11-14T22:22:57Z |
| QuoVadis: failure to reply in a timely manner | 1590171 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: hostnames not in preferred name syntax | 1738472 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: improper countryName format | 1493760 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Incorrect EV jurisdiction of incorporation information | 1589047 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Incorrect keyUsage for ECC certificate | 1667518 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Incorrect OCSP Delegated Responder Certificate | 1649938 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] Next Update 2021-01-07 | 2022-11-14T22:22:57Z |
| Quovadis: Insufficient Serial Number Entropy | 1533899 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: IP in dnsName | 1524879 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs | 1586792 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Multiple unreported misissuances in 2018 | 1519260 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Non-BR-Compliant Certificate Issuance | 1391063 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [remediation-accepted] Next Update - 2018-06-30 | 2022-11-14T22:22:57Z |
| Quovadis: Non-BR-Compliant issuance --improper characters in DNSName (BIT sub-CA) | 1430909 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] - Next Update - mid-Feb 2018 | 2022-11-14T22:22:57Z |
| QuoVadis: Non-BR-Compliant OCSP Responder | 1426238 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: Recap of BR Compliance in 2018 issuance by external subCAs | 1519265 | VERIFIED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: revocation services validity set to expected value plus one second | 1733000 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17) | 1563917 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| QuoVadis/PKIoverheid: incorrect OCSP response for precertificate | 1724276 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z |
| RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone | 1409735 | RESOLVED | FIXED | Steven Medin | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: "Default City" in Subject:localityName | 1548714 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Ambiguity on KeyUsage with ECC public key | 1560234 | RESOLVED | INVALID | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: CA Certificates Missing from Audit Reports | 1717044 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: certificate for .test TLD | 1524452 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: certificate for which “L” and “ST” not set | 1544722 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: certificate for which “OU=-” | 1544712 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: CP/CPS does not clearly specify domain validation methods | 1705480 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] Next update 2021-08-01 | 2022-11-14T22:22:57Z |
| SECOM: CrossTrust: OU > 64 characters | 1532105 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Failed an annual update of Cybertrust Japan (CTJ) CPS | 1769222 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Failure to disclose Unconstrained Intermediate within 7 Days | 1563574 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: failure to revoke underscores | 1524816 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: FUJIFILM intermediate not listed in audit statement | 1695938 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| SECOM: Incorrect OCSP Delegated Responder Certificate | 1649962 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Insufficient Serial Number Entropy | 1539358 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Mis-issued EV Certificates | 1576133 | RESOLVED | FIXED | Yuu Hidaka | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Non-BR-Compliant Certificate Issuance | 1391064 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Non-BR-Compliant OCSP Responders | 1398259 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [remediation-accepted] Next Update - 5-Mar 2018 | 2022-11-14T22:22:57Z |
| SECOM: Outdated audit statements for intermediate certs | 1695993 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Root CRLs exceed maximum validity period by 1 second | 1735998 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: TSA Certs Issued from Root | 1452671 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Undisclosed intermediate certificates | 1497703 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z |
| SECOM: Unqualified domain name in SAN | 1695786 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] Next update 2021-08-01 | 2022-11-14T22:22:57Z |
| Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate | 1567060 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: "Default City" in Subject:localityName | 1548713 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: "Manual DCV" method used | 1718579 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: "Some-State" in stateOrProvinceName | 1551362 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: "unauthorized" OCSP responses | 1639518 | VERIFIED | INVALID | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: 2020 failure to respond to abuse report discovered | 1718785 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: CCADB failed ALV - D-TRUST CA 2-1 2015 | 1597948 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: CCADB failed ALV - Ensured Root CA | 1597950 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: CCADB failed ALV - Network Solutions Certificate Authority | 1597947 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Certificate Problem Report response issues | 1650845 | RESOLVED | FIXED | Nick France | [ca-compliance] Updates in Bug #1648717 | 2022-11-14T22:22:57Z |
| Sectigo: Certificates with RSA keys where modulus is not divisible by 8 | 1653504 | RESOLVED | FIXED | Nick France | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: CRL validity beyond CPS allowed value | 1735761 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: DCV Reuse after 825 days | 1718771 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: EV SSL Certificates with incorrect businessCategory | 1590810 | RESOLVED | FIXED | Robin Alden | [ca-compliance] - Next Update - 1-June 2020 | 2022-11-14T22:22:57Z |
| Sectigo: EV SSL Certificates with incorrect subject details. | 1575022 | RESOLVED | FIXED | Robin Alden | [ca-compliance] - Next Update - 15-Aug 2020 | 2022-11-14T22:22:57Z |
| Sectigo: Failure to block disallowed LDH labels in domain names | 1740493 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to provide a preliminary report within 24 hours | 1619359 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to provide a preliminary report within 24 hours. | 1648717 | RESOLVED | FIXED | Rich Smith | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to provide timely incident reports | 1563579 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours | 1625715 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to revoke key-compromised certificate within 24 hours | 1639804 | RESOLVED | FIXED | Robin Alden | [ca-compliance] Next update 15-Aug-2020 | 2022-11-14T22:22:57Z |
| Sectigo: Failure to revoke key-compromised certificates | 1639805 | RESOLVED | FIXED | Rich Smith | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to revoke within 24 hours | 1492006 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Forbidden Domain Validation Method | 1714628 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Inadequate DCV | 1694233 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Inappropriate subject:serialNumber information in EV certificates obtained through ACME | 1712120 | RESOLVED | FIXED | Tim Callan | [ca-compliance] Next update 2021-10-01 | 2022-11-14T22:22:57Z |
| Sectigo: Incorrect EV businessCategory | 1715929 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Incorrect JOI Country value | 1747915 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Incorrect JOI for federal credit unions | 1741026 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Incorrect locality information | 1714193 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Incorrect OCSP responses | 1763203 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] Next update 2022-06-15 | 2022-11-14T22:22:57Z |
| Sectigo: invalid dnsName | 1524730 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Invalid postalCode field | 1708934 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Invalid stateOrProvinceName | 1710243 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: invalid subject:organizationalUnitName on DV certificates | 1593776 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Lack of input validation in stateOrProvinceName | 1645686 | RESOLVED | DUPLICATE | Rich Smith | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Missing Changelog in CPS | 1545208 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Missing registration numbers in EV certificates | 1721271 | RESOLVED | FIXED | Tim Callan | [ca-compliance] Next update 2021-10-18 | 2022-11-14T22:22:57Z |
| Sectigo: Misspelled city name in localityName field | 1782356 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Misspellings in stateOrProvince or localityName fields | 1715024 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Mojibake in certificate Subject fields | 1724458 | RESOLVED | FIXED | Tim Callan | [ca-compliance] Next update 2022-02-15 | 2022-11-14T22:22:57Z |
| Sectigo: Non-existent hostname in CDP and AIA URLs | 1793787 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature | 1741777 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] Next update 2022-09-01 | 2022-11-14T22:22:57Z |
| Sectigo: Potential audit report delay | 1648593 | RESOLVED | FIXED | Nick France | [ca-compliance] [audit-delay] | 2022-11-14T22:22:57Z |
| Sectigo: potentially invalid organizational validation certificates | 1717046 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Reseller ZeroSSL and Private Key Generation | 1699756 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: SC45 DCV Reuse Error | 1756847 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: State name in localityName | 1720744 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Subject field with unvalidated information included in certificates | 1736064 | RESOLVED | FIXED | Tim Callan | [ca-compliance] Next update 2022-02-16 | 2022-11-14T22:22:57Z |
| Sectigo: test certificates issued from trusted CA | 1712188 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Truncated registration numbers in EV certificates | 1732484 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: Use of forbidden subjectPublicKeyInfo algorithm | 1518553 | RESOLVED | FIXED | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sectigo: ZeroSSL: failure to revoke within 24 hours | 1698936 | RESOLVED | FIXED | Tim Callan | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Unvalidated domain in certificate | 1546776 | RESOLVED | FIXED | fcorday | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: "Some-State" in stateOrProvinceName | 1551374 | RESOLVED | FIXED | fcorday | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: BR Audit 2019 - matters to be resolved | 1606031 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: CPS section 6.1.1.1 number 3 non-compliance event | 1671037 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Failure to provide a preliminary report within 24 hours. | 1667799 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Inaccurate value in stateOrProvinceName | 1667842 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Incorrect OCSP response | 1765800 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Invalid localityName | 1720723 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Metadata-only field values in 2 certificates | 1646711 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] | 2022-11-14T22:22:57Z |
| SecureTrust: Unconstrained ICA not included in WTBR audit report | 1600844 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] | 2022-11-14T22:22:57Z |
| Sertifitseerimiskeskuse: Non-BR-Compliant OCSP Responders | 1398233 | RESOLVED | FIXED | Mihkel Tammsalu | [ca-compliance] | 2022-11-14T22:22:57Z |
| SK ID Solutions: Audit Letter Validation failures on intermediate certificates | 1614449 | RESOLVED | FIXED | Kristel Rünnimeri | [ca-compliance] | 2022-11-14T22:22:57Z |
| SK ID Solutions: Incorrect OCSP Delegated Responder Certificate | 1649942 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl | 1548720 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Expired CRLs | 1550576 | RESOLVED | INVALID | Chris Kemmerer | [ca-compliance] Expired CRLs | 2022-11-14T22:22:57Z |
| SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels | 1724520 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] Next update 2022-06-17 | 2022-11-14T22:22:57Z |
| SSL.com: Insufficient serial number entropy | 1534147 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate | 1666872 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Intermediate certificate not listed in audit reports | 1610000 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information | 1722089 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] Next update 2022-06-10 | 2022-11-14T22:22:57Z |
| SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value | 1719916 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Issuance of TLS certificates with validation methods prohibited by SC-45 | 1750631 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Issued precertificate with Debian Weak Key | 1620772 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: P-384 curve / ecdsa-with-SHA256 certificates | 1534145 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown" | 1579509 | RESOLVED | INVALID | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| SSL.com: Wildcard DV certificate issued with a non-validated domain name | 1678720 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] | 2022-11-14T22:22:57Z |
| Staat der Nederlandend / PKIoverheid: Non-BR-Compliant Certificate Issuance | 1391864 | RESOLVED | FIXED | Mark Janssen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders | 1398251 | RESOLVED | FIXED | Mark Janssen | [ca-compliance] | 2022-11-14T22:22:57Z |
| Startcom CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone | 1409859 | RESOLVED | INVALID | Iñigo | [ca-compliance] | 2022-11-14T22:22:57Z |
| StartCom: 'un-revoking' intermediate certificates | 1369342 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record | 1409760 | RESOLVED | WONTFIX | Iñigo | [ca-compliance] | 2022-11-14T22:22:57Z |
| StartCom: mis-issuance of certs with unvalidated domain names and bogus field values | 1369359 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| StartCom: Non-BR-Compliant Certificate Issuance -- adding Certnomis intermediates to OneCRL | 1386894 | RESOLVED | DUPLICATE | Kathleen Wilson | [ca-compliance] | 2022-11-14T22:22:57Z |
| Swisscom: certificates without DNS names in subjectAltName | 1195115 | RESOLVED | WONTFIX | H-P Waldegger | [ca-compliance] | 2022-11-14T22:22:57Z |
| Swisscom: Missing Audits for Unconstrained Intermediate Certificates | 1464286 | RESOLVED | FIXED | H-P Waldegger | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: "Some-State" in stateOrProvinceName | 1551364 | RESOLVED | FIXED | Timo Schmitt | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Audit Letter Validation failures on intermediate certificates | 1614450 | RESOLVED | WORKSFORME | Nathalie Weiler | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: BRs require full annual audits | 1374381 | RESOLVED | FIXED | Reinhard Dietrich | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Cert issued with a to long validity period | 1443731 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] - Next Update - 01-August 2018 | 2022-11-14T22:22:57Z |
| SwissSign: Certificate issue with Signature | 1459557 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] - Next Update - 01-August 2018 | 2022-11-14T22:22:57Z |
| SwissSign: Certificate with key length 16258 | 1731586 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Certificate with key length 4098 bit | 1691704 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Domain validated certificate but with stateOrProvinceName | 1473971 | RESOLVED | FIXED | Reinhard Dietrich | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: duplicate serial number | 1636140 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: duplicate serial number | 1677737 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Error in OrganisationIdentifier in signature/seal certificate | 1541064 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: failure to provide a preliminary report within 24 hours | 1636141 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Failure to provide a preliminary report within 24 hours. | 1671113 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Invalid DNSName in SAN | 1428877 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Invalid stateOrProvinceName field | 1670894 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Mis-Issuance of S/MIME certificates | 1766255 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier | 1506607 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Misissuance of Leaf Certificates because of incorrect postcode | 1569651 | RESOLVED | FIXED | Timo Schmitt | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Misissuance with mispellings in Location for a number of Certificates | 1613334 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] Next Update 31-July 2020 | 2022-11-14T22:22:57Z |
| SwissSign: Non-BR-Compliant Certificate Issuance | 1391066 | RESOLVED | FIXED | Corneia Enke | [ca-compliance] [remediation-accepted] Next Update - 2017-11-04 | 2022-11-14T22:22:57Z |
| SwissSign: OCSP responder unreachable | 1662137 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Two certs issued with same issuer and serial number | 1404403 | RESOLVED | FIXED | Corneia Enke | [ca-compliance] | 2022-11-14T22:22:57Z |
| SwissSign: Undisclosed Intermediate Certificates | 1455132 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] - Next Update - 16-October 2018 | 2022-11-14T22:22:57Z |
| SwissSign: wrong address in EV certificate | 1734131 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] | 2022-11-14T22:22:57Z |
| Symantec: Non-audited, non-technically-constrained intermediate cert | 1368178 | RESOLVED | FIXED | Steven Medin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Symantec: Non-BR-Compliant Certificate Issuance | 1391067 | RESOLVED | FIXED | Steven Medin | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems / DFN-PKI: 40 OV certificates with wrong ST | 1534580 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems / DFN-PKI: 42 certificates with RSA modulus size in bits not divisable by 8 | 1651132 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] - Next Update - 2-Oct-2020 | 2022-11-14T22:22:57Z |
| T-Systems: "Internet Widgits Pty Ltd" in organizationName | 1638898 | RESOLVED | DUPLICATE | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: "Some-State" comparable issues | 1567456 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: "Some-State" in stateOrProvinceName | 1551371 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: DFN-PKI - Non-IDNA 2003 IDNs, violation of RFC 5280 | 1522080 | RESOLVED | INVALID | Jürgen Brauckmann | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Improperly encoded QCStatements extension | 1498463 | RESOLVED | FIXED | Bernd | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Incorrect OCSP Delegated Responder Certificate | 1649941 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Insufficient serial number entropy | 1536082 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Invalid SAN Entries | 1530718 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Issue with Organization field | 1578417 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Non-BR-Compliant Certificate Issuance | 1391074 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] Next Update - 28-January 2019 | 2022-11-14T22:22:57Z |
| T-Systems: Non-BR-Compliant OCSP Responders | 1426009 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems: Undisclosed Intermediate certificate | 1455137 | RESOLVED | FIXED | Bernd | [ca-compliance] | 2022-11-14T22:22:57Z |
| T-Systems/DFN-PKI cablint findings, follow up to T-Systems Bug 1391074 | 1401486 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] | 2022-11-14T22:22:57Z |
| Taiwan-CA: Invalid SAN Entries | 1535869 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] | 2022-11-14T22:22:57Z |
| Taiwan-CA: Invalid stateOrProvinceName | 1709070 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] Next update 2021-08-15 | 2022-11-14T22:22:57Z |
| Taiwan-CA: Misissued certificate: Invalid organizationUnitName | 1629020 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] | 2022-11-14T22:22:57Z |
| Taiwan-CA: Non-BR-Compliant Certificate Issuance | 1391068 | RESOLVED | FIXED | Robin Lin | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: Certificate with invalid FQDN | 1711432 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: CRL also contained unrevoked certificates | 1655698 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: Finding in 2020 ETSI-Audit regarding weekly review of changes to configurations | 1651611 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: Key Encipherment in two ECC SAN TLS certificates | 1703528 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: Multiple commonName in certificates | 1705791 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telekom Security: Wrong jurisdiction entries in certificates | 1675314 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia CA: AIA CA Issuer field pointing to PEM encoded cert | 1637854 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia CA: Ambiguity on KeyUsage with ECC public key | 1612332 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia CA: Certificates with RSA keys where modulus is not divisible by 8 | 1674536 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia CA: Invalid email contact address was used for few domains | 1736020 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia CA: Issued three precertificates with non-NIST EC curve | 1738207 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: "Some-State" in stateOrProvinceName | 1551372 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Disallowed curve (P-521) in leaf certificate | 1689589 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Failure to disclose Unconstrained Intermediate within 7 Days | 1563575 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: invalid IP value in SAN DNS field | 1524567 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field | 1528259 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) | 1528261 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Misissued certificate - invalid dnsName | 1524050 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Misissued certificate - Invalid OU value "-" | 1528264 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Misissued certificate - Invalid wildcard format | 1528263 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Non-BR-Compliant OCSP Responder | 1426247 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Qualified Audit Statements | 1475115 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Qualified BR Audit Statement | 1565270 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] Next Update 2021-03-01 | 2022-11-14T22:22:57Z |
| Telia: Qualified BR Audit Statement 2020 | 1649683 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| Telia: Two CA certificates not listed in audit report | 1614311 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] | 2022-11-14T22:22:57Z |
| TeliaSonera: Intermediate Cert(s) Not Disclosed in CCADB | 1451953 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] - Next Update - 01-May 2018 | 2022-11-14T22:22:57Z |
| TERENA: Insufficient validation of organizationalUnitName | 1675923 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z |
| Trustcor: Incorrect CA-Issuers URI | 1568356 | RESOLVED | FIXED | Neil Dunbar | [ca-compliance] | 2022-11-14T22:22:57Z |
| TrustCor: Insufficient Serial Number Entropy | 1532399 | RESOLVED | FIXED | Neil Dunbar | [ca-compliance] | 2022-11-14T22:22:57Z |
| TrustCor: Non-audited intermediate certificates | 1579284 | RESOLVED | FIXED | Neil Dunbar | [ca-compliance] | 2022-11-14T22:22:57Z |
| TrustCor: Non-mention of Email CAs in WTBR audit reports | 1599503 | RESOLVED | FIXED | Neil Dunbar | [ca-compliance] | 2022-11-14T22:22:57Z |
| Trustis: Gap between audit periods | 1623472 | RESOLVED | FIXED | Blake Morgan | [ca-compliance] Audit Gap | 2022-11-14T22:22:57Z |
| Trustis: Non-Br-Compliant OCSP Responder | 1426249 | RESOLVED | FIXED | Blake Morgan | [ca-compliance] | 2022-11-14T22:22:57Z |
| Trustwave: Certs issued with same issuer and serial number | 1405826 | RESOLVED | FIXED | fcorday | [ca-compliance] | 2022-11-14T22:22:57Z |
| TunTrust: OCSP unreachable | 1663953 | RESOLVED | FIXED | Agence Nationale de Certification Electronique | [ca-compliance] Next Update 2021-06-15 | 2022-11-14T22:22:57Z |
| TurkTrust: Failure to respond to January 2018 survey | 1439127 | RESOLVED | FIXED | Atilla Biler | [ca-compliance] | 2022-11-14T22:22:57Z |
| TurkTrust: Non-audited, non-technically-constrained intermediate certs | 1367842 | RESOLVED | FIXED | Atilla Biler | [ca-compliance] | 2022-11-14T22:22:57Z |
| TWCA: CA Certificate Missing from Audit Reports | 1716670 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] | 2022-11-14T22:22:57Z |
| TWCA: Policy OID not set to indicate the assurance level to the issued certs | 1738778 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] | 2022-11-14T22:22:57Z |
| Visa: Non-BR-Compliant Certificate Issuance | 1391087 | RESOLVED | FIXED | Marcelo B. Silva | [ca-compliance] | 2022-11-14T22:22:57Z |
| Visa: Non-BR-Compliant OCSP Responders | 1398261 | RESOLVED | FIXED | Marcelo B. Silva | [ca-compliance] | 2022-11-14T22:22:57Z |
| Visa: Qualified Audit Statements | 1485851 | RESOLVED | FIXED | PKI Policy | [ca-compliance] | 2022-11-14T22:22:57Z |
| Web.com: Failure to respond in time to revocation requests | 1723121 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| Web.com: Overdue Audit Statements 2021 | 1721473 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Failure to disclose intermediate in CCADB | 1503638 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Incorrect OCSP Delegated Responder Certificate | 1649939 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] [covid-19] Next Update - 25 October, 2020 | 2022-11-14T22:22:57Z |
| WISeKey: Insufficient Serial Number Entropy | 1540281 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Issuance of certificate with non-DER encoded keyUsage | 1793692 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Issuance of certificate with two potentially conflicting policy OIDs | 1626868 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Non-BR-Compliant Certificate Issuance | 1391089 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Revocation of multiple intermediate CAs | 1549308 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Typo in Organization field | 1609501 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
| WISeKey: Unofficial DBA in Organization field | 1614290 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] | 2022-11-14T22:22:57Z |
860 Total; 0 Open (0%); 858 Resolved (99.77%); 2 Verified (0.23%);
Delayed Revocation
| Summary | ID | Status | Resolution | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|---|
| Actalis: Delayed revocation of non-BR-compliant CA Certificate within 7 days | 1718554 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [delayed-revocation-ca] Next update 2021-09-22 | 2022-11-14T22:22:57Z |
| Actalis: delayed revocation related to inaccurate value in stateOrProvinceName | 1670861 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Actalis: Failure to revoke certs within the BR required timeframe | 1572638 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Actalis: Failure to revoke within 7 days: OCSP EKU issue | 1651651 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [delayed-revocation-ca] Next Update 2020-12-01 | 2022-11-14T22:22:57Z |
| Amazon Trust Services: Revocation Time for Intermediate Certificates | 1719920 | RESOLVED | FIXED | Heather (Amazon Trust Services) | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period | 1600158 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| Asseco DS/Certum: Failure to revoke within 5 days | 1668523 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [delayed-revocation-leaf] Next update 2021-01-15 | 2022-11-14T22:22:57Z |
| Buypass: Failure to revoke PSD2 QWACs within mandated 5 days | 1628292 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [delayed-revocation-leaf] Next update 2020-12-01 | 2022-11-14T22:22:57Z |
| Buypass: intermediate certificates not revoked within BR time period | 1598319 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| Camerfirma: BR revocation period exceeded | 1624658 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [delayed-revocation-leaf] [covid-19] | 2022-11-14T22:22:57Z |
| Camerfirma: Decision not to revoke certificates with authorityKeyIdentifier that violates Mozilla Policy | 1609828 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits | 1692535 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [delayed-revocation-leaf] Next update 2022-02-18 | 2022-11-14T22:22:57Z |
| Camerfirma: Delayed revocations related to certificates without CABForum OV Reserved Policy Identifier | 1686966 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident | 1647099 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [delayed-revocation-leaf] [covid-19] | 2022-11-14T22:22:57Z |
| Camerfirma: Delayed revocations related to Invalid stateOrProvinceName field | 1668331 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Camerfirma: Failure to revoke within 7 days: OCSP EKU issue | 1652603 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [delayed-revocation-ca] 2020-12-01 | 2022-11-14T22:22:57Z |
| Camerfirma: Govern d'Andorra audits | 1575530 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280 | 1586860 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| CFCA: O > 64 characters | 1532113 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| D-TRUST: Delayed revocation of EV certificates | 1580525 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Dhimyotis/Certigna: Certificates issued with validity periods greater than 398-days | 1674082 | RESOLVED | FIXED | r.delval | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Dhimyotis/Certigna: Failure to revoke in the timeline specified by the BRs | 1685142 | RESOLVED | DUPLICATE | r.delval | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| DigiCert: Delay of revocation for EV audit inconsistency incident | 1651828 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [delayed-revocation-leaf] [covid-19] | 2022-11-14T22:22:57Z |
| DigiCert: Delayed Revocation of ~5.5 hours | 1797165 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| DigiCert: Failure to revoke within 7 days: OCSP EKU issue | 1651461 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| E-Tugra: The failure to revoke a certificate | 1687608 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: Compromised Private Key was not Revoked in Less than 24 Hours | 1611241 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: Failure to revoke a certificate | 1636339 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: Late Revocation due to SHA-256 hash algorithm | 1651481 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: Late Revocation for Invalid State/Province Issue | 1658794 | RESOLVED | FIXED | Dathan Demone | [ca-compliance][delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: Late Revocation for SSL Certificates issued with Un-verified IP Addresses | 1748634 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Entrust: SHA-256 hash algorithm used with ECC P-384 key | 1648472 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [delayed-revocation-leaf] Next Update - 21-Sept. 2020 | 2022-11-14T22:22:57Z |
| Firmaprofesional: Failure to revoke ICAs within 7 days: OCSP EKU | 1651637 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [delayed-revocation-ca] Next update 2021-04-23 | 2022-11-14T22:22:57Z |
| GlobalSign: Failure to revoke 2 noncompliant QWACs within 5 days | 1625445 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| GlobalSign: Failure to revoke noncompliant certificates within 5 days | 1654545 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1651447 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1599788 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report | 1591005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [delayed-revocation-ca] Next Update 2021-03-15 | 2022-11-14T22:22:57Z |
| GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise | 1620922 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| GoDaddy: Failure to revoke 210 subscriber certificates within 24 hours | 1793848 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [delayed-revocation-leaf] | 2022-11-26T18:17:40Z |
| GoDaddy: Failure to Revoke Subscriber Certificates within 24 hours | 1742657 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [delayed-revocation-leaf] Next update 2022-03-31 | 2022-11-14T22:22:57Z |
| Google Trust Services: Failure to revoke subscriber certificates within BR timeframe | 1715421 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days | 1651465 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [delayed-revocation-ca] Next update 2020-12-01 | 2022-11-14T22:22:57Z |
| Identrust: Delay Revocation for EV SSL Certificates | 1757247 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Identrust: Failure to Revoke Subscriber Certificates Within 5 days | 1736706 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [delayed-revocation-leaf] [ca-compliance] Next update 2022-01-05 | 2022-11-14T22:22:57Z |
| IdenTrust: Undisclosed Unrevoked ICAs | 1598807 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [delayed-revocation-ca] [covid-19] - Next Update - 7-Aug 2020 | 2022-11-14T22:22:57Z |
| Izenpe: Failure to revoke within 5 days | 1656487 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance][delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Izenpe: intermediate certificates not revoked within BR time period | 1598608 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| KIR S.A.: Delayed revocations of certificates | 1709872 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [delayed-revocation-leaf] Next update 2022-01-22 | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to revoke for Certificate Lifetime Incident | 1715672 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [delayed-revocation-leaf] Next update 2022-01-12 | 2022-11-14T22:22:57Z |
| Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1625322 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Let's Encrypt: Incomplete revocation for CAA rechecking bug | 1619179 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Microsec: Failure to revoke noncompliant ICA within 7 days | 1651632 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [delayed-revocation-ca] Next update 2020-12-01 | 2022-11-14T22:22:57Z |
| Netlock - Failure to revoke noncompliant ICA within 7 days | 1656882 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| Netlock: Delayed revocation report connected to ticket 1680378 | 1688844 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652922 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652604 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [delayed-revocation-ca] Next update 2020-12-01 | 2022-11-14T22:22:57Z |
| QuoVadis: Failure to revoke certificates with compromised private keys | 1624504 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [delayed-revocation-leaf] - Next update 31-July 2020 | 2022-11-14T22:22:57Z |
| QuoVadis: Unconstrained CAs missing audits | 1581597 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [delayed-revocation-ca] [covid-19] | 2022-11-14T22:22:57Z |
| QuoVadis: Failure to revoke within 7 days: OCSP EKU issue | 1651553 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [delayed-revocation-ca] Next update 2021-01-22 | 2022-11-14T22:22:57Z |
| QuoVadis: Unconstrained CAs revocation | 1599916 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue | 1652610 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates | 1707229 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [delayed-revocation-leaf] Next update 2022-04-29 | 2022-11-14T22:22:57Z |
| Sectigo: Failure to properly respond to a report of subscriber key compromise | 1635840 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Sectigo: Failure to revoke within 5 days | 1665763 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| Sectigo: Non-revocation of certificates with subject:organizationalUnitName in DV certificates | 1620561 | RESOLVED | FIXED | Nick France | [ca-compliance] [delayed-revocation-leaf] Next update 2021-01-05 | 2022-11-14T22:22:57Z |
| SecureTrust: Delayed revocation of a customer revoke request | 1724485 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| SSL.com: Delayed revocation of 53 certificates affected by bug #1750631 | 1752636 | RESOLVED | FIXED | Chris Kemmerer | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| SwissSign: CP/CPS certificate profile issue | 1558552 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| SwissSign: Delayed revocation for mispellings in Location for a number of Certificates | 1613406 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [delayed-revocation-leaf] Next Update 31-Aug 2020 | 2022-11-14T22:22:57Z |
| Telekom Security: Delayed Revocations of Sub-CA certificates | 1651487 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [delayed-revocation-ca] Next update 2020-12-01 | 2022-11-14T22:22:57Z |
| Telia CA: Delayed revocation of 5 EE certificates in connection to id=1736020 | 1737808 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| TrustCor: Non-revocation of CA certificates within 7 days | 1599571 | RESOLVED | FIXED | Neil Dunbar | [ca-compliance] [delayed-revocation-ca] | 2022-11-14T22:22:57Z |
| WISeKey: Failure to meet revocation deadline | 1610767 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] [delayed-revocation-leaf] | 2022-11-14T22:22:57Z |
| WISeKey: Failure to revoke ICA Certificates within 7 days (OCSP EKU) | 1651730 | RESOLVED | FIXED | Pedro Fuentes | [ca-compliance] [delayed-revocation-ca] Next Update 2020-12-01 | 2022-11-14T22:22:57Z |
75 Total; 0 Open (0%); 75 Resolved (100%); 0 Verified (0%);
