CA/Closed Incidents
From MozillaWiki
< CA
Closed CA Compliance Bugs
A historical view of past overdue audit statements may be found here.
Below is a historical view of past CA compliance bugs. These bugs may have been valid and remedied by the CA, or may have been deemed invalid and closed as unnecessary.
All Other Issues
Summary | ID | Status | Resolution | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|---|
[meta] Bug for Tracking BR Compliance Issues | 1029147 | RESOLVED | WORKSFORME | Kathleen Wilson | [ca-compliance] -- tracking bug for BR Compliance issues | 2022-11-14T22:22:57Z | 2014-06-23T20:54:26Z |
ACCV: Certificates issued with cRLIssuer in CDP extension | 1884532 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [ov-misissuance] | 2024-07-11T15:02:17Z | 2024-03-09T18:14:05Z |
ACCV: Certificates issued with Policy qualifiers other than id-qt-cps | 1889567 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [ev-misissuance] | 2024-08-28T21:35:12Z | 2024-04-04T07:53:32Z |
ACCV: Delayed response to CPR | 1886785 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [policy-failure] | 2024-07-11T15:01:59Z | 2024-03-21T15:13:02Z |
ACCV: Delayed revocation of TLS certificates affected by bug #1884532 | 1886788 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [leaf-revocation-delay] | 2024-06-01T14:06:45Z | 2024-03-21T15:34:41Z |
ACCV: Insufficient serial number entropy | 1536213 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:58Z | 2019-03-18T20:07:12Z |
ACCV: Late Audit Statement | 1507862 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [audit-delay] | 2023-02-22T18:18:59Z | 2018-11-16T17:57:51Z |
ACCV: Missing BR Self Assessment | 1458042 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:00Z | 2018-04-30T20:43:40Z |
Actalis: Certificates issued with invalid RDN order | 1883731 | RESOLVED | FIXED | Marco Menonna | [ca-compliance] [ev-misissuance] | 2024-06-28T19:01:00Z | 2024-03-05T18:26:39Z |
Actalis: Certificates issued with validity period greater than 398 days | 1826713 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ov-misissuance] | 2023-07-20T23:24:14Z | 2023-04-06T08:14:52Z |
Actalis: Certs issued with same issuer and serial number | 1405817 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-misissuance] | 2023-02-22T18:11:52Z | 2017-10-04T20:21:40Z |
Actalis: Delayed revocation of non-BR-compliant CA Certificate within 7 days | 1718554 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:11:53Z | 2021-06-28T17:57:01Z |
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName | 1670861 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:11:54Z | 2020-10-13T06:57:36Z |
Actalis: Failure to revoke certs within the BR required timeframe | 1572638 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:02Z | 2019-08-09T07:04:59Z |
Actalis: Failure to revoke within 7 days: OCSP EKU issue | 1651651 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:11:55Z | 2020-07-09T12:10:45Z |
Actalis: inaccurate value in stateOrProvinceName | 1648997 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:11:56Z | 2020-06-28T14:38:20Z |
Actalis: Incorrect OCSP Delegated Responder Certificate | 1649961 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ocsp-failure] | 2023-02-22T18:11:57Z | 2020-07-02T01:46:05Z |
Actalis: Insufficient serial number entropy | 1534295 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:11:58Z | 2019-03-11T15:23:03Z |
Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586787 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] [ca-misissuance] | 2023-02-22T18:18:03Z | 2019-10-07T15:17:35Z |
Actalis: Issuance of intermediates after 2020-08-20 that do not comply with Mozilla Policy and the Baseline Requirements | 1717357 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-misissuance] | 2023-02-22T18:12:00Z | 2021-06-20T17:07:17Z |
Actalis: Non BR Compliant OCSP Responder | 1523680 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:01Z | 2019-01-29T17:01:00Z |
Actalis: Non-BR-Compliant Certificate Issuance | 1390974 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] [disclosure-failure] | 2023-02-22T18:12:02Z | 2017-08-16T17:37:59Z |
Actalis: pre-certificates with “certificateHold” as the revocation reason | 1824319 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [crl-failure] | 2023-07-20T23:23:59Z | 2023-03-24T09:22:04Z |
Actalis: revocation delay for certificates issued with invalid RDN Order | 1887941 | RESOLVED | FIXED | Marco Menonna | [ca-compliance] [leaf-revocation-delay] | 2024-06-01T14:07:09Z | 2024-03-26T17:50:20Z |
AGCE: Non-Compliant VPN Certificate Issuance | 1882256 | RESOLVED | FIXED | ance.certification.info | [ca-compliance] [ov-misissuance] | 2024-08-28T21:31:32Z | 2024-02-27T10:44:42Z |
Amazon Trust Services / DigiCert: 404 error when fetching CRL | 1800405 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [crl-failure] | 2023-02-22T18:27:34Z | 2022-11-14T02:20:12Z |
Amazon Trust Services: ALV Errors | 1713668 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [audit-failure] | 2023-02-22T18:27:35Z | 2021-05-31T20:11:17Z |
Amazon Trust Services: CAA Misissuances | 1398428 | RESOLVED | FIXED | Peter Bowen | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:33Z | 2017-09-09T05:06:53Z |
Amazon Trust Services: CP/CPS does not specify key compromise methods | 1713976 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [policy-failure] | 2023-02-22T18:27:36Z | 2021-06-02T00:33:04Z |
Amazon Trust Services: CRL not DER-encoded | 1914893 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [crl-failure] [external] | 2024-09-18T20:11:56Z | 2024-08-26T12:35:54Z |
Amazon Trust Services: Delayed Revocation of Subordinate CA | 1743943 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ca-revocation-delay] | 2023-06-02T15:24:38Z | 2021-12-02T01:29:57Z |
Amazon Trust Services: Failure to comply with RFC 5280 | 1521623 | RESOLVED | INVALID | Trevoli (Amazon Trust Services) | [ca-compliance] | 2024-05-09T20:56:24Z | 2019-01-21T22:10:37Z |
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6 | 1713978 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [policy-failure] | 2023-02-22T18:27:37Z | 2021-06-02T00:35:22Z |
Amazon Trust Services: Misissuance of Subordinate Per CPS | 1743935 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ca-misissuance] | 2023-02-22T18:27:38Z | 2021-12-02T01:03:30Z |
Amazon Trust Services: Missing CAA Check For Test Website Certificates | 1746945 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:27:39Z | 2021-12-20T21:47:24Z |
Amazon Trust Services: No Space In Private Organization | 1569266 | RESOLVED | FIXED | Dave Blunt | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:24Z | 2019-07-26T18:52:26Z |
Amazon Trust Services: Overdue audit statements for intermediate certificates | 1757615 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:41:17Z | 2022-03-01T18:28:06Z |
Amazon Trust Services: Revocation Time for Intermediate Certificates | 1719920 | RESOLVED | FIXED | Heather (Amazon Trust Services) | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:28:07Z | 2021-07-09T20:42:50Z |
Amazon Trust Services: Revoked Sample Certs - No SANs | 1574594 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:41Z | 2019-08-16T19:22:06Z |
Amazon Trust Services: Test revoked certificates with invalid validity period | 1525710 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:42Z | 2019-02-06T20:44:51Z |
ANF AC: 2023 Audit Report Finding | 1837386 | RESOLVED | FIXED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2023-10-12T10:24:44Z | 2023-06-08T11:12:50Z |
Apple: CRL issuance frequency deviates from CPS in some cases | 1772644 | RESOLVED | FIXED | certification_authority | [ca-compliance] [crl-failure] [policy-failure] | 2023-02-22T18:15:34Z | 2022-06-04T01:16:10Z |
Apple: Empty SingleExtension in OCSP responses | 1669618 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:37Z | 2020-10-07T02:33:52Z |
Apple: EV Certificate Approver Authorization | 1659316 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:37Z | 2020-08-16T03:10:26Z |
Apple: EV TLS pre-certificates issued without EKU extension | 1777757 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:39Z | 2022-07-02T01:16:54Z |
Apple: Intermediate CA certificates omitted from audit statement | 1724528 | RESOLVED | FIXED | certification_authority | [ca-compliance] [audit-failure] | 2024-06-30T20:04:00Z | 2021-08-06T23:18:31Z |
Apple: OCSP availability 2020-11-12 | 1677234 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:40Z | 2020-11-13T23:32:41Z |
Apple: OCSP responders return ‘unknown’ for valid S/MIME and TLS certificates | 1771398 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:41Z | 2022-05-26T22:38:43Z |
Apple: OCSP responders return responses with incorrect issuer | 1588001 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:42Z | 2019-10-11T02:38:19Z |
Apple: Patch Management | 1598829 | RESOLVED | FIXED | certification_authority | [ca-compliance] [uncategorized] | 2023-02-22T18:15:43Z | 2019-11-23T03:16:07Z |
Apple: Revocation Delay for TLS certificates issued outside the TTL of the CAA record | 1843676 | RESOLVED | FIXED | certification_authority | [ca-compliance] [leaf-revocation-delay] | 2023-09-22T22:43:52Z | 2023-07-15T00:37:10Z |
Apple: Test website certificates expired | 1730291 | RESOLVED | FIXED | certification_authority | [ca-compliance] [uncategorized] | 2024-06-30T19:11:36Z | 2021-09-11T00:05:08Z |
Apple: TLS certificates issued outside the TTL of the CAA record | 1841534 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [ev-misissuance] Next update 2023-08-15 | 2023-08-30T15:41:47Z | 2023-07-03T15:57:07Z |
Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order | 1865080 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ev-misissuance] | 2024-01-04T20:53:40Z | 2023-11-16T14:02:36Z |
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record | 1409766 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:38Z | 2017-10-18T15:03:21Z |
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag | 1409764 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] | 2023-02-22T18:12:45Z | 2017-10-18T14:59:21Z |
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420860 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] | 2023-02-22T18:12:46Z | 2017-11-27T10:27:57Z |
Asseco DS / Certum: commonName not from subjectAltName entries | 1550575 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:39Z | 2019-05-09T19:38:32Z |
Asseco DS / Certum: Corrupted certificates | 1511459 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [dv-misissuance] [crl-failure] | 2023-02-22T18:28:40Z | 2018-11-30T19:57:00Z |
Asseco DS / Certum: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | 1909203 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [disclosure-failure] | 2024-09-04T16:05:40Z | 2024-07-22T12:44:23Z |
Asseco DS / Certum: CPS does not refer to BR domain validation methods | 1717034 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [policy-failure] | 2023-02-22T18:12:15Z | 2021-06-17T14:49:18Z |
Asseco DS / Certum: CRL non-conformance with the TLS BRs | 1888689 | RESOLVED | FIXED | Kateryna Aleksieieva | [ca-compliance] [crl-failure] [external] | 2024-10-02T21:56:18Z | 2024-03-29T17:37:14Z |
Asseco DS / Certum: Cross-certificate not included in 2024 S/MIME Audit statement | 1904494 | RESOLVED | FIXED | Kateryna Aleksieieva | [ca-compliance] [audit-failure] | 2024-09-04T16:05:55Z | 2024-06-25T07:05:47Z |
Asseco DS / Certum: Cross-certificate with wrong policy identifier | 1823040 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-misissuance] Next update 2023-04-28 | 2023-05-19T20:59:32Z | 2023-03-17T14:25:57Z |
Asseco DS / Certum: Cross-Signed non-EV-audited root with an EV-enabled root | 1815355 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-misissuance] | 2023-08-16T20:34:36Z | 2023-02-07T01:02:26Z |
Asseco DS / Certum: Delayed revocation of EV certificates | 1871393 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [leaf-revocation-delay] | 2024-05-09T20:57:24Z | 2023-12-21T13:38:56Z |
Asseco DS / Certum: Delayed revocation of SHECA cross certificate | 1825734 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-revocation-delay] Next update 2023-04-28 | 2023-06-01T16:09:16Z | 2023-03-31T09:39:46Z |
Asseco DS / Certum: Delayed revocation of SSL.COM cross certificate | 1826363 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-revocation-delay] | 2023-06-08T16:43:53Z | 2023-04-04T15:06:56Z |
Asseco DS / Certum: EV certificate mis-issue | 1451228 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:47Z | 2018-04-04T07:01:06Z |
Asseco DS / Certum: EV Certificates issued with wrong Business Category | 1600301 | RESOLVED | FIXED | Aleksandra Kapinos | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:13Z | 2019-11-29T13:58:21Z |
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours. | 1667684 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:41Z | 2020-09-27T19:47:28Z |
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period | 1600158 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:28:42Z | 2019-11-28T20:56:36Z |
Asseco DS / Certum: Failure to revoke within 5 days | 1668523 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:12:21Z | 2020-10-01T12:53:17Z |
Asseco DS / Certum: Forward dating certificates (notBefore in the future) | 1718680 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [uncategorized] | 2023-02-22T18:12:16Z | 2021-06-29T19:22:06Z |
Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate | 1567062 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:43Z | 2019-07-18T04:16:27Z |
Asseco DS / Certum: Incorrect localityName | 1710206 | RESOLVED | INVALID | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-05-08T11:07:15Z |
Asseco DS / Certum: Incorrect localityName | 1711208 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:18Z | 2021-05-14T12:39:03Z |
Asseco DS / Certum: Incorrect OCSP response encoding | 1639502 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:44Z | 2020-05-20T10:18:48Z |
Asseco DS / Certum: Intermediate CA certificates not listed in audit report | 1598277 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [audit-failure] | 2024-06-30T20:04:30Z | 2019-11-21T12:22:42Z |
Asseco DS / Certum: Invalid dnsNames | 1524195 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:45Z | 2019-01-31T08:44:10Z |
Asseco DS / Certum: Invalid stateOrProvinceName field | 1667986 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:19Z | 2020-09-29T12:32:51Z |
Asseco DS / Certum: Invalid stateOrProvinceName field (recurrent incident) | 1709392 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:20Z | 2021-05-04T15:49:39Z |
Asseco DS / Certum: Invalid value in SAN dNSName | 1611458 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:46Z | 2020-01-24T16:17:21Z |
Asseco DS / Certum: IP in dnsName | 1524878 | RESOLVED | DUPLICATE | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:47Z | 2019-02-03T19:31:55Z |
Asseco DS / Certum: non-audited intermediate certificate | 1579299 | RESOLVED | INVALID | Aleksandra Kapinos | [ca-compliance] | 2023-02-22T18:12:14Z | 2019-09-06T00:25:02Z |
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys | 1435770 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] [leaf-revocation-delay] | 2023-02-22T18:12:48Z | 2018-02-05T17:37:34Z |
Asseco DS / Certum: Overdue Audit Statements 2019 | 1566586 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [audit-failure] | 2023-02-22T18:28:49Z | 2019-07-16T20:11:46Z |
Asseco DS / Certum: S/MIME certificates with error in subjectAlternativeName | 1879845 | RESOLVED | FIXED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] | 2024-10-02T21:56:44Z | 2024-02-12T13:22:11Z |
Asseco DS / Certum: SMIME certificates with wrong organizationIdentifier | 1853663 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [smime-misissuance] Next update 2-Oct-2023 | 2024-05-09T20:57:33Z | 2023-09-18T11:59:42Z |
Asseco DS / Certum: Subordinate certificates with sequential serial number | 1832093 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-misissuance] | 2023-06-02T15:25:04Z | 2023-05-09T14:46:17Z |
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) | 1495518 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:50Z | 2018-10-01T18:42:05Z |
Asseco DS / Certum: Use of forbidden subjectPublicKeyInfo algorithm | 1518560 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:51Z | 2019-01-08T17:48:51Z |
Atos: Incorrect OCSP Delegated Responder Certificate | 1649963 | RESOLVED | FIXED | u636358 | [ca-compliance] [ocsp-failure] | 2023-02-22T18:27:44Z | 2020-07-02T01:49:14Z |
Atos: Insufficient Serial Number Entropy | 1540961 | RESOLVED | FIXED | u636358 | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:45Z | 2019-04-02T09:16:12Z |
Atos: Tracking bug for possible audit delays | 1626355 | RESOLVED | FIXED | u636358 | [ca-compliance] [audit-failure] [covid-19] | 2023-02-22T18:27:46Z | 2020-03-31T18:21:47Z |
Buypass: Domain validation method using externally operated DNS tools | 1839305 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2024-06-30T03:26:45Z | 2023-06-20T08:08:51Z |
Buypass: Domain validation method using not allowed domain contact | 1838421 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [dv-misissuance] | 2024-06-30T03:27:01Z | 2023-06-14T12:44:32Z |
Buypass: Failure to revoke PSD2 QWACs within mandated 5 days | 1628292 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:21:42Z | 2020-04-08T12:21:21Z |
Buypass: Findings in 2023 audit | 1875440 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [audit-finding] | 2024-03-15T16:07:21Z | 2024-01-19T08:45:57Z |
Buypass: Illegal Business Category in a PSD2 QWAC | 1632632 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:43Z | 2020-04-23T20:06:39Z |
Buypass: Insufficient Serial Number Entropy | 1539307 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ca-misissuance] | 2023-02-22T18:21:44Z | 2019-03-27T00:04:50Z |
Buypass: Intermediate certificates not listed in audit reports | 1595113 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [audit-failure] | 2023-02-22T18:21:45Z | 2019-11-08T15:42:26Z |
Buypass: intermediate certificates not revoked within BR time period | 1598319 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:21:46Z | 2019-11-21T15:22:06Z |
Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs | 1626078 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:47Z | 2020-03-30T20:01:58Z |
Buypass: PSD2 QWAC with RSA modulus not divisible by 8 | 1654216 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:49Z | 2020-07-21T08:44:01Z |
Buypass: TLS certificates not revoked within 5 days | 1865368 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] | 2024-04-06T02:31:06Z | 2023-11-17T15:55:56Z |
Buypass: TLS certificates with incorrect Subject attribute order | 1864204 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2024-05-10T20:23:48Z | 2023-11-10T16:21:34Z |
Buypass: Using an external DNS Resolver for DNS lookups | 1872371 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ov-misissuance] | 2024-08-07T14:01:52Z | 2023-12-29T16:02:59Z |
Camerfirma: audit gap | 1583470 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [audit-failure] | 2023-02-22T18:12:22Z | 2019-09-24T11:08:38Z |
Camerfirma: BR revocation period exceeded | 1624658 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:12:24Z | 2020-03-24T17:25:53Z |
Camerfirma: certificate for unregistered domain cuatis.net | 1672423 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:25Z | 2020-10-21T15:37:36Z |
Camerfirma: Certificate issued with 3-year lifespan, unknown policy | 1686524 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [uncategorized] | 2023-02-22T18:17:20Z | 2021-01-13T18:22:03Z |
Camerfirma: certificate with an incorrect OrganizationName | 1680083 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:21Z | 2020-12-01T18:37:48Z |
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier | 1685557 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:26Z | 2021-01-07T18:08:13Z |
Camerfirma: Certs issued with same issuer and serial number | 1405815 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ca-misissuance] | 2023-02-22T18:24:38Z | 2017-10-04T20:16:09Z |
Camerfirma: certs with duplicate SANs and without localityName or stateOrProvinceName | 1357067 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:09Z | 2017-04-17T13:17:52Z |
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant | 1688215 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [policy-failure] | 2023-02-22T18:12:27Z | 2021-01-22T14:46:23Z |
Camerfirma: Decision not to revoke certificates with authorityKeyIdentifier that violates Mozilla Policy | 1609828 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:11Z | 2020-01-17T02:02:26Z |
Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits | 1692535 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:15:04Z | 2021-02-12T18:03:08Z |
Camerfirma: Delayed revocations related to certificates without CABForum OV Reserved Policy Identifier | 1686966 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:12:28Z | 2021-01-15T15:26:32Z |
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident | 1647099 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:12:29Z | 2020-06-20T21:07:24Z |
Camerfirma: Delayed revocations related to Invalid stateOrProvinceName field | 1668331 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:13Z | 2020-09-30T16:56:47Z |
Camerfirma: EV Certificates issued with wrong Business Category | 1600114 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:30Z | 2019-11-28T17:00:58Z |
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA | 1672029 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [disclosure-failure] | 2023-02-22T18:12:31Z | 2020-10-19T19:51:27Z |
Camerfirma: failure to revoke underscores | 1524871 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:23Z | 2019-02-03T18:23:27Z |
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue | 1652603 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:17:24Z | 2020-07-13T23:03:16Z |
Camerfirma: Govern d'Andorra Audit Delay | 1704140 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:42:12Z | 2021-04-09T16:59:28Z |
Camerfirma: Govern d'Andorra audits | 1575530 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:22:14Z | 2019-08-21T12:58:50Z |
Camerfirma: Incorrect disclosure of Intesa Sanpaolo sub-CA | 1672562 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [disclosure-failure] | 2023-02-22T18:12:33Z | 2020-10-22T00:39:13Z |
Camerfirma: Incorrect OCSP Delegated Responder Certificate | 1649944 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ca-misissuance] | 2023-02-22T18:17:25Z | 2020-07-02T01:39:03Z |
Camerfirma: Infocert misissued certificates | 1556806 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:26Z | 2019-06-04T17:29:54Z |
Camerfirma: Intesa Sanpaolo misissued certificates | 1557085 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:27Z | 2019-06-05T16:38:44Z |
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident | 1623384 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:12:34Z | 2020-03-18T16:59:47Z |
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident | 1623389 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:11Z | 2020-03-18T17:08:38Z |
Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280 | 1586860 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:22:15Z | 2019-10-07T18:28:50Z |
Camerfirma: Invalid country field for Camerfirma root CA certificates | 1468000 | VERIFIED | INVALID | Ben Wilson | [ca-compliance] | 2024-05-09T23:23:42Z | 2018-06-09T14:05:34Z |
Camerfirma: Invalid stateOrProvinceName field | 1667430 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:35Z | 2020-09-25T16:43:12Z |
Camerfirma: Missing audit for Intermediate certificate | 1455147 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [audit-failure] | 2023-02-22T18:22:16Z | 2018-04-18T22:36:54Z |
Camerfirma: MULTICERT certificates with a validity period greater than 825 days | 1509002 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:28Z | 2018-11-21T12:21:41Z |
Camerfirma: MULTICERT Misissuance and missing audits | 1502957 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] [audit-failure] | 2023-02-22T18:22:17Z | 2018-10-29T17:53:16Z |
Camerfirma: MULTICERT organizationName Too Long | 1481862 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:18Z | 2018-08-08T16:08:56Z |
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy | 1534429 | RESOLVED | FIXED | ca.forum | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:12Z | 2019-03-11T21:09:17Z |
Camerfirma: No disclosure of verification sources | 1688382 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [policy-failure] | 2023-02-22T18:12:36Z | 2021-01-23T13:02:40Z |
Camerfirma: Non-BR-Compliant Certificate Issuance | 1390977 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:39Z | 2017-08-16T17:45:59Z |
Camerfirma: Non-BR-Compliant Issuance - DNSName is empty | 1443857 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:19Z | 2018-03-07T17:30:24Z |
Camerfirma: Non-BR-Compliant Issuance - Non-printable characters in OU field | 1431164 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:20Z | 2018-01-17T18:03:08Z |
Camerfirma: Non-BR-Compliant OCSP Responders | 1426233 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:40Z | 2017-12-19T20:54:48Z |
Camerfirma: Old CAs with an RSA modulus size of 2047 bits | 1692533 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ca-misissuance] | 2023-02-22T18:12:37Z | 2021-02-12T17:56:45Z |
Camerfirma: Outdated audit statements for intermediate certs | 1549861 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [audit-failure] | 2023-02-22T18:17:30Z | 2019-05-07T22:16:12Z |
Camerfirma: Potential Mis-Issuance based on CAA records | 1420871 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:41Z | 2017-11-27T11:45:15Z |
Camerfirma: Qualified Audit Statements | 1478933 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [audit-finding] | 2023-02-22T18:22:21Z | 2018-07-27T08:07:24Z |
Camerfirma: suspicious certificate for com.com | 1672409 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:38Z | 2020-10-21T14:49:48Z |
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate | 1532333 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [crl-failure] | 2023-02-22T18:17:31Z | 2019-03-04T16:44:13Z |
Certainly: CRL Issuing Distribution Point Mismatch in CCADB | 1819422 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-03-24T16:11:21Z | 2023-02-28T19:42:13Z |
Certainly: Intermediate certificates with wrong time encoding | 1777270 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ca-misissuance] | 2023-02-22T18:15:05Z | 2022-06-29T15:17:59Z |
Certainly: Root CRL validity period exceeds maximum by one second | 1732745 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [crl-failure] | 2023-02-22T18:28:12Z | 2021-09-27T16:30:33Z |
Certainly: Serving Bad OCSP Responses | 1798053 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:13Z | 2022-10-28T19:03:00Z |
Certainly: Serving Expired OCSP Responses | 1771238 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:14Z | 2022-05-25T22:51:26Z |
Certainly: Serving invalid or incomplete CRLs | 1900129 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [crl-failure] | 2024-06-28T19:01:22Z | 2024-05-31T20:42:04Z |
Certainly: TLS Using ALPN TLS Version and OID | 1752452 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:15Z | 2022-01-28T00:08:42Z |
Certicamara: Failure to respond to September 2018 CA Survey | 1498409 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] [disclosure-failure] | 2023-03-20T15:01:11Z | 2018-10-11T22:41:22Z |
Certicamara: Undisclosed Intermediate certificates | 1455128 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:09Z | 2018-04-18T21:37:38Z |
Certigna: ARL without reasoncode for recent revoked CA certificates | 1900654 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [crl-failure] [external] | 2024-08-28T21:37:31Z | 2024-06-04T16:32:05Z |
Certigna: Certificate issued with validity period greater than 398-days | 1774418 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-04-19T22:27:37Z | 2022-06-15T13:49:56Z |
Certigna: certificates issued with 2 SCT | 1709896 | RESOLVED | INVALID | Josselin Allemandou | [ca-compliance] | 2024-05-09T21:00:11Z | 2021-05-06T16:27:26Z |
Certigna: Findings in 2024 ETSI Audit – Audit Incident Report | 1907833 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [audit-finding] | 2024-08-28T21:37:11Z | 2024-07-15T10:19:37Z |
Certigna: Issuance without respecting CAA records | 1485413 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:43Z | 2018-08-22T16:59:17Z |
Certigna: Precertificate with a validity period greater than 398-days | 1774171 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:06Z | 2022-06-14T10:26:36Z |
Certigna: Revocation delay for TLS certificates with basic constraint not marked as critical | 1886442 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [leaf-revocation-delay] | 2024-06-01T14:07:36Z | 2024-03-20T13:44:20Z |
Certigna: TLS certificates with Basic constraint non-critical | 1883416 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2024-08-28T21:37:52Z | 2024-03-04T16:36:15Z |
Certinomis / Docapost: Failure to respond to January 2018 survey | 1439126 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [disclosure-failure] | 2023-02-22T18:17:50Z | 2018-02-17T16:17:11Z |
Certinomis / Docapost: Non-BR-Compliant OCSP Responders | 1425998 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:51Z | 2017-12-18T23:30:08Z |
Certinomis: 174 certificates with unknown OCSP status | 1551390 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:52Z | 2019-05-14T02:51:13Z |
Certinomis: certificates for an unregistered domain, with unknown OCSP status | 1544933 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:53Z | 2019-04-16T20:05:28Z |
Certinomis: certificates with invalid DNS SAN | 1551357 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:55Z | 2019-05-13T23:44:56Z |
Certinomis: certificates with space in dNSName SAN | 1539531 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:52Z | 2019-03-27T16:43:30Z |
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB | 1386891 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [disclosure-failure] | 2023-02-22T18:17:48Z | 2017-08-02T23:56:38Z |
Certinomis: email address in DNS SAN | 1503128 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:53Z | 2018-10-30T05:10:26Z |
Certinomis: invalid CDP extension | 1524451 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:54Z | 2019-02-01T04:02:44Z |
Certinomis: invalid DNS names in SAN | 1524094 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:55Z | 2019-01-30T23:12:19Z |
Certinomis: Invalid SAN in a certificate | 1542793 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:56Z | 2019-04-08T15:29:50Z |
Certinomis: invalid state and locality fields in subject | 1524103 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:57Z | 2019-01-30T23:28:42Z |
Certinomis: Invalid TLD in SAN | 1542328 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:57Z | 2019-04-05T17:18:46Z |
Certinomis: misissued test certificates | 1524448 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2024-06-30T19:17:15Z | 2019-02-01T03:47:23Z |
Certinomis: Non-BR-Compliant Certificate Issuance | 1390978 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:49Z | 2017-08-16T17:48:32Z |
Certinomis: test certificate for test.com, O=Entreprise TEST | 1496088 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2024-06-30T19:16:53Z | 2018-10-03T14:22:11Z |
Certinomis: test certificates, O=POUR TEST in subject | 1524112 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2024-06-30T19:17:57Z | 2019-01-30T23:59:08Z |
Certinomis: Unqualified Domain Name in SAN | 1495524 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:00Z | 2018-10-01T18:52:44Z |
Certinomis: Use of Domain Validation Method 3.2.2.4.5 after August 1, 2018 | 1547072 | RESOLVED | INVALID | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-04-25T18:57:07Z |
Certinomis: validity period >825 days | 1524449 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:01Z | 2019-02-01T03:52:25Z |
certSIGN: "Some-State" in stateOrProvinceName | 1551375 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:06Z | 2019-05-14T00:53:56Z |
certSIGN: Certificates with incorrect Subject attribute order | 1886624 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2024-06-05T21:29:16Z | 2024-03-20T22:28:05Z |
certSIGN: CPS specifies md5 and sha1WithRSAEncryption as useable signature types | 1718675 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [policy-failure] | 2023-02-22T18:17:58Z | 2021-06-29T18:21:18Z |
certSIGN: Delayed response to CPR | 1886626 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [policy-failure] | 2024-06-01T14:06:21Z | 2024-03-20T22:29:39Z |
certSIGN: Delayed revocation | 1886627 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [leaf-revocation-delay] | 2024-06-01T14:05:46Z | 2024-03-20T22:30:47Z |
certSIGN: Findings in 2023 ETSI Audit for certSIGN ROOT CA G2 - Audit Incident Report | 1833667 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [audit-finding] Next update 01-Nov-2023 | 2023-11-19T22:01:50Z | 2023-05-17T16:20:58Z |
certSIGN: Findings in 2024 ETSI Audit - Audit Incident Report | 1897134 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2024-09-06T15:14:19Z | 2024-05-16T12:21:22Z |
certSIGN: Incorrect data in stateOrProvinceName | 1763173 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:59Z | 2022-04-05T15:50:23Z |
certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client | 1674886 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:01Z | 2020-11-02T20:33:07Z |
certSIGN: Non-BR-Compliant Certificate Issuance | 1390979 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:07Z | 2017-08-16T17:50:47Z |
certSIGN: Non-BR-Compliant OCSP Responders | 1398243 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:09Z | 2017-09-08T17:43:09Z |
certSIGN: Subscriber precertificate without Certificate Policies | 1762707 | RESOLVED | FIXED | Valentin Necoara | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:47Z | 2022-04-02T10:25:24Z |
CFCA: certificate basicConstraints extension not marked as critical | 1886135 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ov-misissuance] | 2024-09-26T18:19:38Z | 2024-03-19T10:57:32Z |
CFCA: certificate with an incorrect OrganizationName | 1838371 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ov-misissuance] | 2024-01-19T15:21:51Z | 2023-06-14T06:33:13Z |
CFCA: Certificate with wrong crlDistributionPoints | 1809382 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ov-misissuance] [ev-misissuance] Next update 2023-05-10 | 2023-09-29T15:33:03Z | 2023-01-10T06:31:09Z |
CFCA: CRL Error | 1863122 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [crl-failure] | 2024-01-10T19:43:49Z | 2023-11-04T08:09:41Z |
CFCA: Delayed reporting of intermediate CA certificate | 1784820 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [disclosure-failure] | 2023-08-16T20:34:22Z | 2022-08-15T01:50:44Z |
CFCA: Delayed reporting of revocation of an intermediate CA certificate | 1798812 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [disclosure-failure] | 2023-05-04T21:31:28Z | 2022-11-02T23:57:11Z |
CFCA: EV certificate with wrong PostalCode&Street | 1802845 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ev-misissuance] | 2023-09-29T15:32:49Z | 2022-11-28T08:59:21Z |
CFCA: ICA without EKU | 1793053 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ca-misissuance] Next update 2023-03-30 | 2023-06-30T16:29:50Z | 2022-09-30T11:56:05Z |
CFCA: Internal iPAddress in certificate | 1524143 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:31Z | 2019-01-31T03:01:37Z |
CFCA: invalid dnsNames | 1524733 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:33Z | 2019-02-02T01:53:09Z |
CFCA: Invalid TLD in SAN | 1532429 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:34Z | 2019-03-04T21:10:14Z |
CFCA: Missed annual CPS update publication on website in 2018 | 1565494 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [policy-failure] | 2024-06-30T20:36:41Z | 2019-07-12T08:36:16Z |
CFCA: O > 64 characters | 1532113 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:26:47Z | 2019-03-03T00:46:20Z |
CFCA: Overdue Audit Statements 2021 | 1741497 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [audit-delay] | 2023-03-02T19:04:33Z | 2021-11-16T21:13:00Z |
CFCA: Precertificate with postalCode and streetAddress swapped | 1771482 | RESOLVED | FIXED | bixinlong | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:43Z | 2022-05-27T11:42:17Z |
CFCA: Repeated unexplained delays in providing timely status updates | 1613409 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [policy-failure] | 2023-02-22T18:26:49Z | 2020-02-05T15:44:42Z |
CFCA: The delay in revocation of ICA | 1793059 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ca-revocation-delay] | 2023-06-30T16:30:04Z | 2022-09-30T12:15:26Z |
CFCA: The wrong status of OCSP | 1778035 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ocsp-failure] | 2023-04-19T22:28:04Z | 2022-07-05T01:24:08Z |
CFCA: Wrong OrganizationName | 1608333 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:50Z | 2020-01-10T05:44:00Z |
CFCA: Wrong SerialNumber encoding | 1532559 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:35Z | 2019-03-05T09:53:07Z |
Chunghwa Telecom: ALV failures on intermediate certificates | 1614444 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] [audit-failure] | 2024-06-30T19:42:44Z | 2020-02-10T19:40:24Z |
Chunghwa Telecom: Controversial Values within Extension (2.5.29.9, subjectDirectoryAttributes) | 1899466 | RESOLVED | FIXED | Leo Fang | [ca-compliance] [ov-misissuance] | 2024-09-13T16:35:09Z | 2024-05-29T04:13:45Z |
Chunghwa Telecom: Test certificate with unregistered domain name | 1532436 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:43Z | 2019-03-04T21:37:25Z |
Chunghwa Telecom: Wrong Extended Key Usage setting by GTLSCA | 1887096 | RESOLVED | FIXED | Tsung-Min Kuo | [ca-compliance] [ov-misissuance] | 2024-09-06T15:13:15Z | 2024-03-22T17:25:13Z |
CommScope: Certificate not revoked as it was supposed to be | 1859812 | RESOLVED | FIXED | Nicol So | [ca-compliance] [policy-failure] | 2024-03-06T17:27:48Z | 2023-10-18T15:41:23Z |
CommScope: Certificates were issued in which third-party web-based tools were used during validation. | 1901578 | RESOLVED | FIXED | Nicol So | [ca-compliance] [dv-misissuance] | 2024-07-28T14:40:05Z | 2024-06-10T17:24:44Z |
CommScope: Empty SCT extensions in certificates | 1852404 | RESOLVED | FIXED | Nicol So | [ca-compliance] [dv-misissuance] | 2024-07-01T21:10:48Z | 2023-09-09T19:06:57Z |
CommScope: Incomplete Incident Report | 1904402 | RESOLVED | FIXED | Nicol So | [ca-compliance] [policy-failure] | 2024-09-26T18:19:15Z | 2024-06-24T18:20:49Z |
CommScope: OCSP responses contain issuer certificate | 1904399 | RESOLVED | INVALID | Nicol So | [ca-compliance] [ocsp-failure] | 2024-08-17T07:37:59Z | 2024-06-24T18:07:12Z |
Comodo: CA issuing EV Certs without Higher Authority checks | 1501374 | RESOLVED | INVALID | Robin Alden | [ca-compliance] | 2024-05-09T21:00:47Z | 2018-10-23T17:49:55Z |
Comodo: CAA Mis-Issuance on basic test case | 1410834 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:05Z | 2017-10-23T09:40:04Z |
Comodo: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420858 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:53Z | 2017-11-27T10:25:18Z |
Comodo: CAA Misissuance | 1398545 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:54Z | 2017-09-10T00:09:52Z |
Comodo: CAA misissuances due to race condition | 1423624 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:55Z | 2017-12-06T16:35:35Z |
Comodo: Misissuance using "CNAME CSR Hash 2" method of domain control validation | 1461391 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:07Z | 2018-05-14T17:51:50Z |
Comodo: Non-BR-Compliant Certificate Issuance | 1390981 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] [disclosure-failure] | 2023-02-22T18:24:57Z | 2017-08-16T17:54:00Z |
Comodo: Possible CAA Misissuance due against critical record | 1532313 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-03-04T15:20:11Z |
Comodo/cPanel: Potential Mis-Issuance based on CAA records (Sep 28, 2017) | 1420873 | RESOLVED | INVALID | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-11-27T11:51:26Z |
Consorci AOC: EC-SECTORPUBLIC insufficient serial number entropy | 1538673 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:17:41Z | 2019-03-25T12:00:36Z |
Consorci AOC: Insufficient Audit Statements | 1425805 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [audit-failure] | 2023-02-22T18:17:42Z | 2017-12-18T07:15:25Z |
Consorci AOC: Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9 | 1590723 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ev-misissuance] | 2024-05-09T21:00:57Z | 2019-10-23T12:34:47Z |
Consorci AOC: Non-BR-Compliant Certificate Issuance | 1390988 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:43Z | 2017-08-16T18:05:27Z |
Consorci AOC: Non-BR-Compliant OCSP Responders | 1398246 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:44Z | 2017-09-08T17:47:05Z |
Consorci AOC: OCSP responding good for non-issued certs by Consorci AOC root already solved | 1467110 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2024-05-09T23:33:19Z | 2018-06-06T12:22:46Z |
Consorci AOC: Problem reporting mechanism for Consorci AOC points to URL with invalid cert | 1428832 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [policy-failure] [disclosure-failure] | 2023-02-22T18:17:45Z | 2018-01-08T17:43:37Z |
Consorci AOC: Qualified audit statements | 1496616 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [audit-failure] | 2023-02-22T18:17:46Z | 2018-10-04T23:57:19Z |
Cybertrust Japan: CRL signature algorithm encoding error | 1827490 | RESOLVED | FIXED | masahiro.shikutani | [ca-compliance] [crl-failure] | 2023-06-02T15:25:20Z | 2023-04-11T20:08:34Z |
Cybertrust Japan: Root CRLs exceed maximum validity period by one second | 1737242 | RESOLVED | FIXED | Masaru Sakamoto | [ca-compliance] [crl-failure] | 2023-02-22T18:22:27Z | 2021-10-22T09:24:51Z |
Cybertrust Japan: three test websites not provided | 1466252 | RESOLVED | FIXED | masahiro.shikutani | [ca-compliance] [uncategorized] | 2023-02-22T18:22:26Z | 2018-06-01T22:49:04Z |
D-Trust: "unknown" OCSP response for issued certificates | 1879529 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ocsp-failure] | 2024-04-06T02:31:59Z | 2024-02-09T13:10:27Z |
D-TRUST: Certificate with RSA key where modulus is not divisible by 8 | 1691117 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:04Z | 2021-02-05T18:22:44Z |
D-TRUST: CRL not DER-encoded | 1793440 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [crl-failure] | 2023-02-22T18:17:05Z | 2022-10-03T13:27:09Z |
D-Trust: CRL-Entries without required CRL Reason Code | 1913310 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [crl-failure] | 2024-09-13T16:34:40Z | 2024-08-15T11:46:15Z |
D-Trust: Delay beyond 5 days in revoking misissued certificate | 1862082 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] | 2023-12-14T18:12:13Z | 2023-10-30T22:37:09Z |
D-TRUST: Delayed revocation of EV certificates | 1580525 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:06Z | 2019-09-11T16:10:10Z |
D-TRUST: EV certificates with incorrectly used businessCategory entry | 1599561 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:07Z | 2019-11-26T20:07:18Z |
D-TRUST: incorrectly formatted businessCategory entry | 1567588 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:08Z | 2019-07-19T18:42:03Z |
D-Trust: Issuance of 15 certificates with incorrect subject attribute order | 1891225 | RESOLVED | FIXED | Leyla Sahin | [ca-compliance] [ev-misissuance] Next update 2024-08-01 | 2024-08-07T14:23:15Z | 2024-04-12T13:48:03Z |
D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject | 1861069 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2024-06-01T14:02:33Z | 2023-10-25T14:25:07Z |
D-TRUST: Issuance of non-conformant SSL certificate | 1610303 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:10Z | 2020-01-20T14:58:33Z |
D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access field | 1884714 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ov-misissuance] | 2024-09-13T16:34:26Z | 2024-03-11T16:29:07Z |
D-TRUST: Non-BR-Compliant Certificate Issuance | 1390990 | RESOLVED | FIXED | Arno Fiedler | [ca-compliance] [ov-misissuance] [ev-misissuance] [policy-failure] | 2023-02-22T18:14:37Z | 2017-08-16T18:08:00Z |
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours | 1893610 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [policy-failure] | 2024-06-30T20:21:37Z | 2024-04-26T10:21:09Z |
D-TRUST: Precertificate OU > 64 Characters | 1563772 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:11Z | 2019-07-05T16:51:17Z |
D-TRUST: Private Key Disclosed by Customer as Part of CSR | 1682270 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [uncategorized] | 2023-02-22T18:17:12Z | 2020-12-14T11:59:25Z |
D-TRUST: syntax error in one tls certificate | 1509512 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:13Z | 2018-11-23T15:21:04Z |
D-TRUST: Wrong key usage (Key Agreement) | 1756122 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2023-02-22T18:17:14Z | 2022-02-18T10:12:34Z |
D-TRUST: Wrong key usage (Key Encipherment) | 1647468 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2023-02-22T18:17:15Z | 2020-06-22T19:59:05Z |
DFN-PKI: Finding in 2020 ETSI audit | 1672208 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [uncategorized] | 2023-02-22T18:13:46Z | 2020-10-20T15:54:48Z |
DFN-PKI: OCSP/CRL inconsistencies | 1786313 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:47Z | 2022-08-22T15:22:12Z |
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days | 1667744 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:44Z | 2020-09-28T09:56:20Z |
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days | 1674082 | RESOLVED | FIXED | r.delval | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:34Z | 2020-10-29T10:12:47Z |
Dhimyotis / Certigna: Failure to revoke in the timeline specified by the BRs | 1685142 | RESOLVED | DUPLICATE | r.delval | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:36Z | 2021-01-05T19:21:24Z |
Dhimyotis / Certigna: Intermediate CAs missing audits | 1614821 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [audit-failure] | 2024-06-30T20:05:30Z | 2020-02-11T22:59:31Z |
Dhimyotis / Certigna: Intermediate Cert(s) not disclosed in CCADB | 1451949 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:45Z | 2018-04-05T23:17:27Z |
DigiCert / ABB: greater than 825 day cert issuance | 1451446 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:54Z | 2018-04-04T18:52:32Z |
DigiCert / ABB: Issues with DN, country code and keyUsage | 1456655 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:51Z | 2018-04-24T22:29:53Z |
DigiCert / ADACOM: published expired CRLs | 1483639 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [crl-failure] | 2024-06-30T18:36:07Z | 2018-08-15T18:26:12Z |
DigiCert / CTJ: Metadata in OU fields, Reserved IP Address | 1397957 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:05Z | 2017-09-07T23:41:14Z |
DigiCert / InfoCert: Insufficient Serial Number Entropy | 1397951 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:06Z | 2017-09-07T23:31:38Z |
DigiCert / Inteso San Paulo: Double dot characters | 1397969 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:07Z | 2017-09-08T00:02:09Z |
DigiCert / Justica: Invalid DNS names | 1397961 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [dv-misissuance] | 2023-02-22T18:19:08Z | 2017-09-07T23:52:46Z |
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate | 1647084 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:09Z | 2020-06-20T16:38:24Z |
DigiCert / Siemens: Insufficient Serial Number Entropy | 1397954 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:10Z | 2017-09-07T23:37:40Z |
DigiCert / Swiss Government: CommonName not in SANs | 1397965 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:11Z | 2017-09-07T23:57:55Z |
DigiCert / Symantec: EV JOI Issue | 1413761 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:53Z | 2017-11-02T01:04:36Z |
DigiCert / Telecom Italia: Several Problems | 1397960 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:13Z | 2017-09-07T23:50:32Z |
DigiCert / Terena: Metadata in OU fields | 1397958 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:14Z | 2017-09-07T23:44:38Z |
DigiCert / Thawte: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420861 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2024-05-09T21:01:30Z | 2017-11-27T10:30:39Z |
DigiCert / Verizon: Qualified 2019 Audit Statements | 1573937 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-finding] | 2023-02-22T18:14:27Z | 2019-08-14T18:23:01Z |
DigiCert / Verizon: Reserved/Intranet domain name | 1397968 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:15Z | 2017-09-08T00:00:04Z |
DigiCert / Wells Fargo: Invalid DNS names | 1397963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:19:16Z | 2017-09-07T23:55:43Z |
DigiCert: "Internet Widgits Pty Ltd" in organizationalUnitName | 1639032 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:52Z | 2020-05-18T21:19:33Z |
DigiCert: "Some-State" in stateOrProvinceName | 1551363 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:53Z | 2019-05-14T00:18:54Z |
DigiCert: & character in a printableString in ICA | 1593814 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ca-misissuance] | 2023-02-22T18:19:21Z | 2019-11-04T20:58:08Z |
DigiCert: 4 CRLs unavailable or not responding | 1820269 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [crl-failure] | 2024-06-30T18:35:27Z | 2023-03-03T20:48:21Z |
DigiCert: Apple: Non-compliant Common Name Length | 1556906 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:15:45Z | 2019-06-05T01:08:39Z |
DigiCert: Apple: Non-compliant Serial Numbers | 1533655 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:15:46Z | 2019-03-08T07:19:11Z |
DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown" | 1582519 | RESOLVED | INVALID | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-19T17:19:27Z |
DigiCert: Apple: Unconstrained intermediate CAs not included in WTBR report | 1575125 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [audit-failure] | 2024-06-30T20:05:52Z | 2019-08-20T03:19:15Z |
DigiCert: BR 3.2.5 Validation of Authority Failure for OV Certs | 1429639 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:22Z | 2018-01-11T00:49:24Z |
DigiCert: CAA Checking Issue | 1550645 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:55Z | 2019-05-10T01:02:08Z |
DigiCert: Certificate Issues Identified on the Mailing List | 1389172 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:12Z | 2017-08-10T17:48:43Z |
DigiCert: Certificates issued inconsistent with S/MIME BR v1.0.1 | 1860697 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] Next update 2023-12-21 | 2024-01-04T20:53:23Z | 2023-10-24T01:40:42Z |
DigiCert: Delay of revocation for EV audit inconsistency incident | 1651828 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:13:56Z | 2020-07-09T22:41:01Z |
DigiCert: delayed publication of revocation information | 1640805 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:23Z | 2020-05-26T06:02:30Z |
DigiCert: Delayed Revocation of ~5.5 hours | 1797165 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:24Z | 2022-10-24T19:08:14Z |
DigiCert: Delayed revocation of IV certificates | 1846784 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [leaf-revocation-delay] | 2023-09-02T17:58:57Z | 2023-08-02T17:23:05Z |
DigiCert: DigiCert issued cert with CN too long | 1353827 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] [iv-misissuance] | 2023-02-22T18:21:13Z | 2017-04-05T18:33:16Z |
DigiCert: Domain validation skipped | 1595921 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:25Z | 2019-11-12T21:55:36Z |
DigiCert: ECCE 001 issuing certificates without subject alternative name extension | 1262610 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:26Z | 2016-04-06T20:56:43Z |
DigiCert: Entity not verified in organizationalUnitName | 1676003 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:28Z | 2020-11-08T11:14:07Z |
DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days | 1563573 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:57Z | 2019-07-04T17:29:57Z |
DigiCert: Failure to find and revoke key-compromised certificates within 24 hours | 1693343 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:29Z | 2021-02-17T17:18:08Z |
Digicert: Failure to include CPS URI in 1 certificate | 1888016 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [policy-failure] [ev-misissuance] Next update 2024-06-01 | 2024-06-05T21:36:18Z | 2024-03-27T01:23:16Z |
DigiCert: Failure to properly encode Subject name | 1618256 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:59Z | 2020-02-26T16:35:57Z |
DigiCert: Failure to provide a preliminary report within 24 hours. | 1649277 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [disclosure-failure] | 2023-02-22T18:14:00Z | 2020-06-29T21:53:31Z |
DigiCert: Failure to revoke invalid serialNumber EV certificates within 5 days | 1646866 | RESOLVED | INVALID | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-06-18T22:15:48Z |
DigiCert: Failure to revoke key-compromised certificate | 1639802 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:01Z | 2020-05-21T07:20:23Z |
DigiCert: Failure to revoke key-compromised certificates within 24 hours | 1639801 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:03Z | 2020-05-21T07:12:22Z |
DigiCert: Failure to revoke within 7 days: OCSP EKU issue | 1651461 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:14:04Z | 2020-07-08T19:38:44Z |
DigiCert: Failure to supervise ABB Subordinate CA | 1566162 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [uncategorized] | 2023-02-22T18:19:30Z | 2019-07-15T18:54:09Z |
DigiCert: Good OCSP Responses for Revoked Intermediates | 1523676 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:34Z | 2019-01-29T16:44:19Z |
Digicert: Government Entity listed instead of registration number | 1891531 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2024-05-02T21:31:13Z | 2024-04-15T17:06:23Z |
DigiCert: improper use of domain validation method | 1483715 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2024-06-30T03:28:14Z | 2018-08-15T23:43:12Z |
DigiCert: in-addr.arpa Misissuance | 1531817 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:32Z | 2019-03-01T16:58:02Z |
DigiCert: Inconsistent EV audits | 1650910 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-failure] | 2023-02-22T18:14:05Z | 2020-07-06T20:59:28Z |
DigiCert: Inconsistent validation information | 1824206 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-04-07T15:35:10Z | 2023-03-23T18:09:16Z |
DigiCert: Incorrect case in Business Category | 1894560 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ev-misissuance] | 2024-07-03T13:27:34Z | 2024-05-01T22:04:07Z |
DigiCert: Incorrect OCSP Delegated Responder Certificate | 1649951 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:23Z | 2020-07-02T01:44:09Z |
DigiCert: Incorrect Org ID Scheme in S/MIME | 1898986 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] | 2024-06-21T16:12:39Z | 2024-05-25T23:08:28Z |
DigiCert: Incorrect RegNumber-Org Type combination | 1714439 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:06Z | 2021-06-03T20:49:29Z |
DigiCert: Insufficient entropy in serial numbers | 1417777 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:33Z | 2017-11-16T04:07:41Z |
DigiCert: Intermediate Cert(s) not disclosed in CCADB | 1451950 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:35Z | 2018-04-05T23:19:55Z |
DigiCert: Internal Domain Name cert mis-issuance | 1500621 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:07Z | 2018-10-19T22:51:46Z |
DigiCert: Invalid Country Code Issuance | 1465600 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:08Z | 2018-05-30T20:19:07Z |
DigiCert: Invalid localityName | 1710856 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:09Z | 2021-05-12T13:52:03Z |
DigiCert: Invalid stateOrProvinceName | 1710444 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:10Z | 2021-05-10T15:12:26Z |
DigiCert: IP in dnsName | 1524875 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:11Z | 2019-02-03T19:11:17Z |
DigiCert: Issuance of Cert with Compromised Key | 1624527 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:34Z | 2020-03-24T07:03:19Z |
DigiCert: Issuance of certs with weak keys (ROCA) | 1744795 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:35Z | 2021-12-07T17:41:36Z |
DigiCert: JOI Issue | 1576013 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:36Z | 2019-08-23T00:20:51Z |
DigiCert: Key Size Not Divisible By 8 | 1653475 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:37Z | 2020-07-17T05:07:57Z |
DigiCert: KPN Outdated Audit | 1539296 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:43:42Z | 2019-03-26T22:58:08Z |
DigiCert: Late background refreshment check | 1865235 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [policy-failure] | 2023-12-07T18:27:57Z | 2023-11-17T00:32:16Z |
DigiCert: Late CP/CPS CCADB uploads | 1814197 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [disclosure-failure] | 2023-02-14T20:36:53Z | 2023-01-31T17:39:41Z |
DigiCert: Malformed ICA | 1654967 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ca-misissuance] | 2023-02-22T18:22:24Z | 2020-07-24T03:31:17Z |
DigiCert: Microsoft: Incident report for Microsoft Dynamics incident | 1424305 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [crl-failure] [policy-failure] [disclosure-failure] | 2023-02-22T18:19:38Z | 2017-12-08T17:22:46Z |
DigiCert: Mis-issuance of certificate with https in CN/SAN | 1445857 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:36Z | 2018-03-15T03:22:13Z |
DigiCert: Mis-Issuance Rekey certificates | 1401407 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:17Z | 2017-09-19T23:46:24Z |
DigiCert: Missed Underscore Certificate Revocations | 1526154 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:13Z | 2019-02-08T05:54:10Z |
DigiCert: Missing audits for Intermediate certificates | 1455150 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-failure] | 2023-02-22T18:13:38Z | 2018-04-18T22:56:48Z |
DigiCert: no subject alternative name in Siemens certs | 1017157 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:14Z | 2014-05-28T18:39:18Z |
DigiCert: Non-audited, non-technically-constrained intermediate certificates | 1368176 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] [audit-failure] | 2024-06-30T20:06:13Z | 2017-05-26T21:14:53Z |
DigiCert: Non-BR Compliant Certificates - missing CP/CPS OID | 1339339 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:41Z | 2017-02-14T07:12:56Z |
DigiCert: Non-BR-Compliant OCSP Responders | 1398269 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:42Z | 2017-09-08T18:13:52Z |
DigiCert: OCSP NextUpdate | 1627152 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ocsp-failure] | 2023-02-22T18:14:14Z | 2020-04-03T05:22:11Z |
DigiCert: OCSP not responding issue | 1816806 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ocsp-failure] | 2023-03-09T21:36:21Z | 2023-02-15T00:49:27Z |
DigiCert: OCSP responder returning invalid responses | 1662346 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:25Z | 2020-09-01T06:29:32Z |
DigiCert: OCSP services returns 1 byte | 1577014 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:18Z | 2019-08-27T20:03:41Z |
DigiCert: Onion Certs | 1447192 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:19Z | 2018-03-20T02:33:17Z |
DigiCert: Org information issue in new validation workflow | 1794050 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:43Z | 2022-10-06T22:39:59Z |
DigiCert: Org-JOI type mismatch | 1827772 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-05-04T21:26:43Z | 2023-04-13T02:33:00Z |
DigiCert: P-384,ecdsa-with-SHA512 Certificates | 1527423 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:15Z | 2019-02-12T20:12:36Z |
Digicert: Preview certificate uploaded to CCADB instead of the actual certificate | 1896462 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [policy-failure] | 2024-06-01T13:58:43Z | 2024-05-13T17:20:51Z |
DigiCert: Private Keys Disclosed by Customers as Part of CSR | 1675684 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [uncategorized] | 2023-02-22T18:19:44Z | 2020-11-06T03:14:04Z |
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone | 1409735 | RESOLVED | FIXED | Steven Medin | [ca-compliance] [dv-misissuance] | 2024-05-09T23:37:44Z | 2017-10-18T13:32:33Z |
DigiCert: Revoked intermediate certificates not in CRL | 1548719 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [crl-failure] | 2023-02-22T18:26:12Z | 2019-05-03T00:06:00Z |
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance | 1436173 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:39Z | 2018-02-06T20:53:47Z |
DigiCert: SHA-1 intermediate issued after 2016-01-01 | 1684442 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ca-misissuance] | 2023-02-22T18:19:45Z | 2020-12-29T12:25:40Z |
DigiCert: SHA-256 hash algorithm used with ECC P-384 key | 1664325 | RESOLVED | DUPLICATE | Brenda Bernal | [ca-compliance] [ca-misissuance] | 2023-02-22T18:14:16Z | 2020-09-10T22:57:41Z |
Digicert: SMIME certificate with unvalidated information | 1881364 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] | 2024-03-29T15:03:24Z | 2024-02-21T23:16:10Z |
DigiCert: SMIME certificates issued inconsistent with BR’s | 1853463 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] Next update 2-Oct-2023 | 2023-10-12T10:22:54Z | 2023-09-15T21:16:38Z |
Digicert: SMIME certs missing State in Org ID | 1875205 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] | 2024-01-26T17:08:25Z | 2024-01-18T04:03:53Z |
DigiCert: Sub CA with EV OIDs without audit report | 1838334 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ca-misissuance] | 2023-06-26T15:41:25Z | 2023-06-13T22:07:00Z |
DigiCert: Symantec non-constrained/non-disclosed intermediate CA certificates | 1417771 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] [audit-failure] | 2024-06-30T20:06:39Z | 2017-11-16T03:43:16Z |
DigiCert: TERENA: Insufficient validation of organizationalUnitName | 1675923 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2024-05-09T23:40:11Z | 2020-11-07T10:00:45Z |
DigiCert: TERENA: No localityName in EV precert | 1586604 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-10-06T18:15:40Z |
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension | 1304895 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:19Z | 2016-09-22T22:13:03Z |
DigiCert: TLS certificates with incorrect policy OID | 1845634 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ov-misissuance] | 2023-09-02T17:59:16Z | 2023-07-26T23:26:22Z |
DigiCert: Truncation of Registration Number | 1727963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:48Z | 2021-08-28T03:46:43Z |
DigiCert: Underscore character certificates | 1515564 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:49Z | 2018-12-20T05:53:44Z |
DigiCert: Underscores - Canadian Imperial Bank of Commerce | 1516561 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:17Z | 2018-12-27T19:10:01Z |
DigiCert: Underscores - Citi | 1517617 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:18Z | 2019-01-03T22:32:36Z |
DigiCert: Underscores - CVS Pharmacy | 1515788 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:19Z | 2018-12-20T22:32:16Z |
DigiCert: Underscores - Discover | 1516453 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:20Z | 2018-12-26T18:43:07Z |
DigiCert: Underscores - Ericsson | 1516599 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:22Z | 2018-12-28T04:02:33Z |
DigiCert: Underscores - Intuit | 1519572 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:23Z | 2019-01-11T23:40:27Z |
DigiCert: Underscores - Verizon | 1516545 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:24Z | 2018-12-27T17:02:34Z |
DigiCert: Undisclosed CAs -Federated Trust CA-1 | 1499585 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:20Z | 2018-10-17T00:55:49Z |
DigiCert: Unrevocation of BT Class 2 CA - G2 CA Certificate | 1442091 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:40Z | 2018-03-01T02:24:36Z |
DigiCert: Use of forbidden subjectPublicKeyInfo algorithm | 1518555 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:50Z | 2019-01-08T17:45:36Z |
DigiCert: Validation Scope Incident | 1556948 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:20Z | 2019-06-05T06:00:15Z |
DigiCert: Verizon CPS lacks CPR problem reporting instructions | 1596931 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [policy-failure] | 2024-06-30T20:22:39Z | 2019-11-15T21:41:06Z |
DigiCert: Verizon mis-issued test certificates | 1335132 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:52Z | 2017-01-30T19:24:44Z |
DigiCert: Verizon: "Default City" in Subject:localityName | 1548716 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:25Z | 2019-05-02T23:56:41Z |
DigiCert: WTCA / WTBR Audit 2019 - Matters to be resolved | 1613505 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-finding] | 2023-02-22T18:14:26Z | 2020-02-05T21:26:42Z |
Disig: Failure to Respond to Jun 2023 Apple Root Program Survey | 1846216 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [disclosure-failure] | 2023-09-29T15:34:20Z | 2023-07-31T06:58:44Z |
Disig: Certificates with incorrect Subject attribute order | 1889672 | RESOLVED | FIXED | Jozef Nigut | [ca-compliance] [ov-misissuance] | 2024-06-01T14:10:18Z | 2024-04-04T15:16:17Z |
Disig: CPS does not refer to BR domain validation methods | 1717001 | RESOLVED | INVALID | Peter Miskovic | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-06-17T12:26:35Z |
Disig: Failure to provide a preliminary report within 24 hours. | 1670458 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:05Z | 2020-10-11T08:36:28Z |
Disig: Non-BR-Compliant Certificate Issuance | 1390991 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:24:06Z | 2017-08-16T18:10:26Z |
Disig: Non-BR-Compliant OCSP Responders | 1398242 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:07Z | 2017-09-08T17:39:43Z |
Disig: TLS certificate with basicConstraints not marked as critical | 1888104 | RESOLVED | FIXED | Jozef Nigut | [ca-compliance] [ov-misissuance] | 2024-07-11T15:03:49Z | 2024-03-27T10:37:26Z |
Disig: Two certificates with same serial number | 1907667 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [ov-misissuance] | 2024-08-17T07:39:14Z | 2024-07-12T20:38:40Z |
DocuSign/Keynectis: Missing BR Self Assessment | 1458038 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-04-30T20:33:37Z |
DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance | 1390994 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:17Z | 2017-08-16T18:14:03Z |
DocuSign/Keynectis: Non-BR-Compliant OCSP Responders | 1398247 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:18Z | 2017-09-08T17:49:21Z |
DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates | 1444455 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ca-misissuance] | 2023-02-22T18:17:19Z | 2018-03-09T17:26:39Z |
DocuSign/Keynectis: Outdated audit statements for Class 2 Primary CA | 1447497 | RESOLVED | WORKSFORME | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-03-20T23:26:41Z |
DocuSign/Keynectis: Undisclosed Intermediate certificate | 1497700 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-10-09T22:28:55Z |
DSV-Gruppe: Failure to respond to January 2018 survey | 1439129 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-03-20T15:00:54Z | 2018-02-17T16:23:34Z |
e-commerce monitoring GmbH: Delayed revocation | 1862004 | RESOLVED | WONTFIX | Daniel Zens | [ca-compliance] [leaf-revocation-delay] [external] | 2024-07-09T16:38:25Z | 2023-10-30T15:06:09Z |
e-commerce monitoring gmbh: certificate issued with two pre-certificates | 1830536 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [ov-misissuance] | 2024-05-11T00:31:48Z | 2023-04-28T14:17:57Z |
e-commerce monitoring GmbH: CN domain not in SAN | 1716123 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [ov-misissuance] | 2024-05-25T18:46:20Z | 2021-06-12T10:30:19Z |
e-commerce monitoring GmbH: CRLs with mismatched issuer | 1888371 | RESOLVED | WONTFIX | Daniel Zens | [ca-compliance] [crl-failure] [external] | 2024-07-09T16:38:42Z | 2024-03-28T10:58:07Z |
e-commerce monitoring gmbh: failure to follow incident report requirements | 1893546 | RESOLVED | WONTFIX | Daniel Zens | [ca-compliance] [policy-failure] [external] | 2024-07-09T16:38:56Z | 2024-04-25T21:59:49Z |
e-commerce monitoring gmbh: failure to maintain links to historic CP/CPS versions | 1897457 | RESOLVED | WONTFIX | Daniel Zens | [ca-compliance] [policy-failure] | 2024-07-09T16:39:11Z | 2024-05-17T13:42:49Z |
e-commerce monitoring gmbh: precertificate validity does not match leaf certificate | 1883711 | RESOLVED | WONTFIX | Daniel Zens | [ca-compliance] [ov-misissuance] | 2024-07-09T16:39:27Z | 2024-03-05T17:00:37Z |
e-commerce monitoring GmbH: Revoked test website not using revoked certificate | 1716163 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [policy-failure] | 2024-05-25T18:52:21Z | 2021-06-12T22:52:37Z |
e-commerce monitoring GmbH: SCT in precertificate | 1815534 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [ov-misissuance] [external] | 2024-04-17T17:37:45Z | 2023-02-07T19:33:26Z |
E-Tugra: audit delay because of an environmental disaster/pandemic | 1659426 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [audit-failure] [covid-19] [audit-delay] | 2024-06-30T19:44:06Z | 2020-08-17T12:03:45Z |
E-Tugra: commonName not in SAN | 1687139 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:43Z | 2021-01-16T23:09:01Z |
E-Tugra: Delayed Response of Revocation Request | 1687513 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [policy-failure] | 2023-02-22T18:16:44Z | 2021-01-19T17:13:21Z |
E-Tugra: Failure to respond to January 2018 survey | 1439128 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:45Z | 2018-02-17T16:20:43Z |
E-Tugra: Failure to Respond to May 2022 Survey | 1772414 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:46Z | 2022-06-02T21:43:54Z |
E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6 | 1716902 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [policy-failure] | 2023-02-22T18:16:48Z | 2021-06-17T00:20:44Z |
E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462797 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:49Z | 2018-05-18T20:30:26Z |
E-Tugra: Incident Report (Security Issues) | 1801345 | RESOLVED | FIXED | Ahmed | [ca-compliance] [uncategorized] | 2023-07-21T15:45:27Z | 2022-11-18T16:55:09Z |
E-Tugra: Insufficient serial number entropy | 1542302 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:50Z | 2019-04-05T15:42:33Z |
E-Tugra: Intermediate CA Certificate Missing from Audit Reports | 1716843 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [audit-failure] | 2024-06-30T20:07:16Z | 2021-06-16T17:33:41Z |
E-Tugra: Intermittent OCSP response with status 'Unknown' | 1687330 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:51Z | 2021-01-18T16:55:06Z |
E-Tugra: Invalid DER results in failure to comply with RFC 5280 - Violating string length limit | 1582601 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:52Z | 2019-09-20T00:08:46Z |
E-Tugra: The failure to revoke a certificate | 1687608 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:53Z | 2021-01-20T05:28:49Z |
E-Tugra: Validity period > 825 days | 1449371 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:54Z | 2018-03-27T23:55:44Z |
EDICOM: Signing SHA-1 OCSP responses with unconstrained certificate | 1397830 | RESOLVED | FIXED | Raúl Santisteban | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:03Z | 2017-09-07T17:15:36Z |
eMudhra emSign PKI Services: CA Certificates not published in DER Encoded Format | 1914466 | RESOLVED | FIXED | Naveen Kumar ML | [ca-compliance] [policy-failure] | 2024-10-02T18:33:57Z | 2024-08-22T19:06:31Z |
eMudhra: Audit Delay | 1728790 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [audit-failure] [covid-19] [audit-delay] | 2024-06-30T19:44:30Z | 2021-09-02T13:46:28Z |
eMudhra: CRL occasionally unavailable and returns 404 error | 1821508 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [crl-failure] | 2024-06-30T18:37:37Z | 2023-03-09T22:07:38Z |
eMudhra: emSign CA ECC Test Certificate Misissuance | 1665688 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:28:01Z | 2020-09-17T15:56:40Z |
eMudhra: emSign CA Invalid AIA Extension Value | 1763700 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:59Z | 2022-04-07T20:06:01Z |
eMudhra: emSign CA Invalid OrganizationalUnitName | 1745015 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:00Z | 2021-12-08T17:28:52Z |
eMudhra: Failure to Respond to May 2022 Survey | 1772413 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [disclosure-failure] | 2023-03-20T15:03:21Z | 2022-06-02T21:42:15Z |
Entrust: AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue | 1536287 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:11Z | 2019-03-18T23:35:48Z |
Entrust: Certificate issued with '-' in ST field | 1512018 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:38Z | 2018-12-04T17:58:37Z |
Entrust: Certificate Issued with Incorrect Country Code | 1559376 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:12Z | 2019-06-14T12:56:57Z |
Entrust: Certificate issued with validity greater than 825-days | 1561013 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:39Z | 2019-06-24T17:53:28Z |
Entrust: clientAuth TLS Certificates without serverAuth EKU | 1886467 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [ev-misissuance] | 2024-06-28T19:01:40Z | 2024-03-20T14:42:35Z |
Entrust: Compromised Private Key was not Revoked in Less than 24 Hours | 1611241 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:13Z | 2020-01-23T18:53:38Z |
Entrust: CPR was not responded to in 24 hours | 1885754 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [external] [policy-failure] | 2024-09-13T16:33:42Z | 2024-03-16T22:14:29Z |
Entrust: CPS typographical (text placement) error | 1890896 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [policy-failure] | 2024-08-15T13:35:16Z | 2024-04-11T00:45:36Z |
Entrust: CRL non-conformance with the TLS BRs | 1889217 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [crl-failure] [external] | 2024-07-01T15:09:09Z | 2024-04-02T19:39:57Z |
Entrust: CRLs and OCSP responses not issued as specified in the CPS | 1737057 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:14:41Z | 2021-10-21T13:52:31Z |
Entrust: Delay in Updating CPS | 1887753 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [policy-failure] [ev-misissuance] | 2024-07-12T16:30:01Z | 2024-03-25T20:45:35Z |
Entrust: Delayed incident report - CPS typographical (text placement) error | 1890901 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [policy-failure] | 2024-05-05T19:36:31Z | 2024-04-11T01:04:16Z |
Entrust: Delayed reporting of Jurisdiction issue in some EV TLS & Code Signing certificates | 1898847 | RESOLVED | FIXED | ngook.kong | [ca-compliance] [policy-failure] | 2024-08-15T13:36:14Z | 2024-05-25T03:37:00Z |
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction | 1804753 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-04-19T22:26:20Z | 2022-12-08T19:55:41Z |
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU | 1887705 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [leaf-revocation-delay] | 2024-09-12T12:19:27Z | 2024-03-25T16:44:53Z |
Entrust: EV Certificate missing Issuer’s EV Policy OID | 1888714 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2024-07-11T15:03:29Z | 2024-03-29T21:05:02Z |
Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization" | 1599484 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:14Z | 2019-11-26T16:37:22Z |
Entrust: EV TLS Certificate cPSuri missing | 1883843 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [ev-misissuance] | 2024-08-13T17:19:59Z | 2024-03-06T08:35:58Z |
Entrust: EV TLS Certificate incorrect jurisdiction | 1802916 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-04-24T19:50:18Z | 2022-11-28T15:22:17Z |
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5 | 1890123 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [policy-failure] | 2024-08-13T17:20:21Z | 2024-04-06T13:24:25Z |
Entrust: Failure to provide a preliminary report within 24 hours. | 1667690 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:15Z | 2020-09-27T20:27:55Z |
Entrust: Failure to revoke a certificate | 1636339 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:42Z | 2020-05-08T01:04:59Z |
Entrust: Failure to revoke OV TLS - CPS typographical (text placement) error | 1890898 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [policy-failure] [leaf-revocation-delay] Next update 2024-06-17 | 2024-07-28T14:39:21Z | 2024-04-11T00:52:33Z |
Entrust: Incorrect Business Category Value Discovered in an EV SSL Certificate | 1685370 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:16Z | 2021-01-06T18:43:01Z |
Entrust: Incorrect Jurisdiction Country Value in an EV Certificate | 1696227 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:17Z | 2021-03-03T18:27:38Z |
Entrust: Incorrect keyUsage for ECC certificate | 1667448 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:43Z | 2020-09-25T19:05:40Z |
Entrust: Incorrect value in Business Category field for Government Entities | 1728796 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:42Z | 2021-09-02T14:39:16Z |
Entrust: Invalid data in commonName fields | 1675295 | RESOLVED | INVALID | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-11-04T15:22:54Z |
Entrust: Invalid data in State/Province Field | 1658792 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:18Z | 2020-08-12T18:32:59Z |
Entrust: Invalid localityName | 1712106 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:19Z | 2021-05-20T14:53:44Z |
Entrust: IP Address in dNSName form | 1448986 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:45Z | 2018-03-26T18:51:03Z |
Entrust: IP in dnsName | 1524876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:46Z | 2019-02-03T19:19:45Z |
Entrust: Issued Certificates to incorrect Organization | 1535735 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:20Z | 2019-03-15T20:45:13Z |
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates | 1897630 | RESOLVED | FIXED | ngook.kong | [ca-compliance] [ev-misissuance] | 2024-08-15T13:35:41Z | 2024-05-19T02:42:21Z |
Entrust: Jurisdiction Locality Wrong in EV Certificate | 1867130 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] Next update 2024-01-31 | 2024-05-10T15:42:20Z | 2023-11-28T21:11:24Z |
Entrust: Late mis-issue certificate revocation | 1520876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:47Z | 2019-01-17T19:12:21Z |
Entrust: Late Revocation due to SHA-256 hash algorithm | 1651481 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:48Z | 2020-07-08T20:27:50Z |
Entrust: Late Revocation for Invalid State/Province Issue | 1658794 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:21Z | 2020-08-12T18:38:52Z |
Entrust: Late Revocation for SSL Certificates issued with Un-verified IP Addresses | 1748634 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:49Z | 2022-01-05T13:46:41Z |
Entrust: Late revocation of underscore certificate | 1521520 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:50Z | 2019-01-21T14:40:19Z |
Entrust: Non-BR-Compliant Certificate Issuance | 1390996 | RESOLVED | FIXED | Kirk Hall | [ca-compliance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:21:04Z | 2017-08-16T18:19:28Z |
Entrust: Non-BR-Compliant OCSP Responder | 1428891 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ocsp-failure] | 2023-02-22T18:14:51Z | 2018-01-08T21:13:13Z |
Entrust: OCSP response signed with SHA-1 | 1879602 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ocsp-failure] | 2024-07-19T17:47:10Z | 2024-02-09T18:13:00Z |
Entrust: Outdated audit statement for intermediate cert | 1549862 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [audit-failure] | 2023-02-22T18:14:52Z | 2019-05-07T22:19:51Z |
Entrust: Printable String Constraint Failure | 1635096 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:53Z | 2020-05-04T12:31:25Z |
Entrust: Question marks in certificate O and L fields | 1552562 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:54Z | 2019-05-17T18:33:20Z |
Entrust: S/MIME Certificate Issued with Incorrect Policy OID | 1627346 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [uncategorized] | 2023-02-22T18:14:55Z | 2020-04-03T19:59:04Z |
Entrust: SHA-1 Issuance and other misissuance while testing | 1567659 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:56Z | 2019-07-20T02:20:56Z |
Entrust: SHA-256 hash algorithm used with ECC P-384 key | 1648472 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2024-06-30T05:20:18Z | 2020-06-25T13:39:29Z |
Entrust: SSL Certificates issued with Un-verified IP Addresses | 1744827 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2024-03-08T07:27:48Z | 2021-12-07T20:26:09Z |
Entrust: Subscriber provides private key with CSR | 1673119 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:00Z | 2020-10-23T23:12:14Z |
Entrust: Test Website Certificates Expired | 1731887 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [uncategorized] | 2023-02-22T18:15:01Z | 2021-09-21T20:44:28Z |
Entrust: TLS Certificate issued with a key that is impacted by the Close Primes vulnerability | 1766525 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:02Z | 2022-04-26T21:31:15Z |
Entrust: TLS Certificate issued with an incorrect state or province | 1792231 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-04-19T22:25:51Z | 2022-09-23T17:25:40Z |
Firmaprofesional / SIGNE: No BR Audit for intermediate CA technically capable of issuing TLS certs | 1586115 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-failure] | 2024-06-30T20:07:43Z | 2019-10-03T21:24:15Z |
Firmaprofesional: 2019 audit Finding #1 - 6.2 Identification and Authorization | 1610448 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:49Z | 2020-01-21T09:42:06Z |
Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls | 1612929 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:50Z | 2020-02-03T17:49:55Z |
Firmaprofesional: 2019 Audit Report Findings | 1606380 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:51Z | 2019-12-30T22:54:26Z |
Firmaprofesional: 2020 Audit Report Finding 1 out of 4 | 1649502 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:52Z | 2020-06-30T16:38:26Z |
Firmaprofesional: 2020 Audit Report Finding 2 out of 4 | 1649679 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:22:58Z | 2020-07-01T06:51:44Z |
Firmaprofesional: 2020 Audit Report Finding 3 out of 4 | 1649724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:22:59Z | 2020-07-01T11:35:20Z |
Firmaprofesional: 2020 Audit Report Finding 4 out of 4 | 1649726 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:00Z | 2020-07-01T11:39:42Z |
Firmaprofesional: 2021 Audit Report Finding 1 out of 3 | 1717790 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:02Z | 2021-06-23T09:20:38Z |
Firmaprofesional: 2021 Audit Report Finding 2 out of 3 | 1717791 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:03Z | 2021-06-23T09:24:55Z |
Firmaprofesional: 2021 Audit Report Finding 3 out of 3 | 1717795 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:04Z | 2021-06-23T09:28:31Z |
Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL | 1771724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [policy-failure] [audit-finding] | 2023-02-22T18:23:05Z | 2022-05-30T10:49:52Z |
Firmaprofesional: 2022 - Define Device Obsolescence Process | 1771727 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:06Z | 2022-05-30T10:56:50Z |
Firmaprofesional: 2022 - SSL certificates issued with wrong Organization ID number | 1769240 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:07Z | 2022-05-13T11:53:50Z |
Firmaprofesional: 2022 - StateorProvince field | 1771715 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:08Z | 2022-05-30T09:34:41Z |
Firmaprofesional: 2022 - Title field | 1771722 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:09Z | 2022-05-30T10:40:30Z |
Firmaprofesional: 2023 - documentary inconsistency | 1832342 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-finding] | 2023-10-12T10:25:32Z | 2023-05-10T16:02:45Z |
Firmaprofesional: 2023 - Ensure Timestamp service Logs Integrity | 1832338 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2023-06-08T16:44:58Z | 2023-05-10T15:19:49Z |
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy | 1538638 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:53Z | 2019-03-25T09:14:32Z |
FIRMAPROFESIONAL: Delayed leaf revocation | 1891251 | RESOLVED | FIXED | ext-antoni.camon | [ca-compliance] [leaf-revocation-delay] | 2024-06-01T14:07:52Z | 2024-04-12T16:11:20Z |
Firmaprofesional: Failure to Respond to April 2023 Survey | 1838864 | RESOLVED | INVALID | Maria Jose Prieto | [ca-compliance] [disclosure-failure] | 2023-07-14T18:26:06Z | 2023-06-16T13:12:27Z |
Firmaprofesional: Failure to revoke ICAs within 7 days: OCSP EKU | 1651637 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:23:10Z | 2020-07-09T10:39:54Z |
Firmaprofesional: Incorrect OCSP Delegated Responder Certificate | 1649943 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:54Z | 2020-07-02T01:35:16Z |
Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates | 1700145 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:55Z | 2021-03-22T16:45:17Z |
Firmaprofesional: Insufficient Audit Statements | 1412950 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:45:20Z | 2017-10-30T18:47:25Z |
Firmaprofesional: Missing BR Self Assessment | 1458064 | RESOLVED | FIXED | chemalogo | [ca-compliance] [uncategorized] | 2023-02-22T18:15:56Z | 2018-04-30T21:44:22Z |
Firmaprofesional: Non-audited, non-technically-constrained intermediate certificates | 1368171 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] [audit-failure] | 2024-06-30T20:08:03Z | 2017-05-26T20:55:54Z |
Firmaprofesional: Non-BR-Compliant OCSP Responders | 1398240 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:57Z | 2017-09-08T17:34:41Z |
Firmaprofesional: Policy Qualifiers other than id-qt-cps present for certificate | 1889420 | RESOLVED | FIXED | ext-antoni.camon | [ca-compliance] [ov-misissuance] | 2024-09-04T16:07:42Z | 2024-04-03T15:46:27Z |
Firmaprofesional: Undisclosed Intermediate certificate | 1455119 | RESOLVED | FIXED | chemalogo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:15:58Z | 2018-04-18T21:04:01Z |
Firmaprofesional: Undisclosed Intermediate certificate SDS | 1464359 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:27Z | 2018-05-25T09:47:26Z |
Firmaprofesional: Undisclosed Intermediate certificate SIGNE | 1464335 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:28Z | 2018-05-25T08:24:46Z |
FNMT: Certificates issued included Policy qualifiers other than id-qt-cps | 1875942 | RESOLVED | FIXED | Amaya Espinosa | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2024-08-28T21:35:31Z | 2024-01-22T23:10:58Z |
FNMT: CP/CPS lack CAA processing details | 1596949 | RESOLVED | FIXED | alain | [ca-compliance] [policy-failure] | 2023-02-22T18:12:10Z | 2019-11-15T22:27:36Z |
FNMT: CRL problems displayed during the monitoring | 1828717 | RESOLVED | FIXED | Amaya Espinosa | [ca-compliance] [crl-failure] | 2023-09-29T15:32:36Z | 2023-04-18T17:17:07Z |
FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. | 1544586 | RESOLVED | FIXED | alain | [ca-compliance] [uncategorized] | 2023-02-22T18:12:11Z | 2019-04-15T22:25:26Z |
FNMT: Invalid localityName | 1744722 | RESOLVED | FIXED | alain | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:06Z | 2021-12-07T10:38:10Z |
FNMT: Issuance of QCP-n certificates without verifying identity | 1693304 | RESOLVED | FIXED | alain | [ca-compliance] [uncategorized] | 2023-02-22T18:12:07Z | 2021-02-17T14:02:23Z |
FNMT: Minor non-conformities in 2020 audit statement | 1626805 | RESOLVED | FIXED | alain | [ca-compliance] [audit-finding] | 2023-02-22T18:12:08Z | 2020-04-01T23:38:58Z |
FNMT: Minor non-conformities in 2021 audit statement | 1704199 | RESOLVED | FIXED | Brox | [ca-compliance] [audit-finding] | 2023-02-22T18:26:06Z | 2021-04-09T21:23:10Z |
FNMT: Missisuance of web site certificates without CA/Browser Forum’s reserved policy OID | 1696872 | RESOLVED | FIXED | alain | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:12:09Z | 2021-03-08T09:13:02Z |
FNMT: OU exceeds 64 characters | 1495507 | RESOLVED | FIXED | Rafa Medina | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:37Z | 2018-10-01T18:20:02Z |
FNMT: QC Statement that contains at least one of the ETSI ESI statements | 1625421 | RESOLVED | INVALID | alain | [ca-compliance] | 2024-05-09T23:21:51Z | 2020-03-27T09:47:46Z |
GDCA: Authentication of Organization Identity Failure for an OV Certificate | 1546253 | RESOLVED | FIXED | capoc | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:25Z | 2019-04-23T01:19:15Z |
GDCA: CRL validity period exceeds allowed value by one second | 1738191 | RESOLVED | FIXED | capoc | [ca-compliance] [crl-failure] | 2023-02-22T18:15:26Z | 2021-10-28T07:23:51Z |
GDCA: Incorrect Value in organizationName Field | 1662382 | RESOLVED | FIXED | capoc | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:29Z | 2020-09-01T10:22:24Z |
GDCA: Insufficient Serial Number Entropy | 1536831 | RESOLVED | FIXED | capoc | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:27Z | 2019-03-20T14:55:16Z |
GDCA: Misissuance of certificates with IP address | 1475563 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-07-13T14:53:18Z |
GDCA: Misissuance of certificates with small RSA keys | 1467414 | RESOLVED | FIXED | capoc | [ca-compliance] [dv-misissuance] | 2023-02-22T18:15:28Z | 2018-06-07T10:07:18Z |
Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420766 | RESOLVED | INVALID | Linus Hallberg | [ca-compliance] | 2024-05-09T20:55:38Z | 2017-11-26T21:44:51Z |
GlobalSign: 4 Misissued certificates with invalid CN | 1552586 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:25Z | 2019-05-17T20:34:31Z |
GlobalSign: AT&T Insufficient Serial Number Entropy | 1535873 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:26Z | 2019-03-16T23:42:10Z |
GlobalSign: AT&T SSL certificates without the AIA extension | 1547691 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:27Z | 2019-04-29T12:32:41Z |
GlobalSign: Certificate issued to FQDN with malformed CAA | 1759854 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:00Z | 2022-03-16T13:32:08Z |
GlobalSign: Certificate issued with RSASSA-PSS public key | 1630870 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [dv-misissuance] | 2023-02-22T18:23:37Z | 2020-04-17T07:55:18Z |
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8 | 1654896 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:04Z | 2020-07-23T20:27:31Z |
GlobalSign: CRL contains invalid signature algorithm | 1793441 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2023-02-22T18:16:01Z | 2022-10-03T13:32:09Z |
GlobalSign: CRLs reported in CCADB unavailable | 1829195 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [disclosure-failure] | 2023-05-04T21:28:27Z | 2023-04-20T17:27:16Z |
GlobalSign: Cross Certificate with non-conforming CABF Policy OIDs | 1650018 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:05Z | 2020-07-02T09:04:20Z |
GlobalSign: Empty SingleExtension in OCSP responses | 1667944 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [ocsp-failure] | 2023-02-22T18:23:38Z | 2020-09-29T08:35:25Z |
GlobalSign: EV certificate with wildcard domain in common name and SAN | 1782391 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:02Z | 2022-07-31T06:35:28Z |
GlobalSign: EV certificates with serialNumber Government Entity and businessCategory Private Organization | 1744518 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:39Z | 2021-12-06T12:41:44Z |
GlobalSign: EV TLS certificate with only metadata in JOI State field | 1850091 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] Next update 2023-10-02 | 2023-10-12T10:48:35Z | 2023-08-25T07:11:45Z |
GlobalSign: Failure to provide a preliminary report within 24 hours | 1668005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:06Z | 2020-09-29T13:41:33Z |
GlobalSign: Failure to revoke 2 noncompliant QWACs within 5 days | 1625445 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:40Z | 2020-03-27T11:58:01Z |
GlobalSign: Failure to revoke key-compromised certificate within 24 hours | 1639799 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:07Z | 2020-05-21T07:01:12Z |
GlobalSign: Failure to revoke noncompliant certificates within 5 days | 1654545 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:08Z | 2020-07-22T14:23:35Z |
GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1651447 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:10Z | 2020-07-08T18:43:10Z |
GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1599788 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:09Z | 2019-11-27T15:30:34Z |
GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report | 1591005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:11Z | 2019-10-24T08:42:50Z |
GlobalSign: Incapsula issued a certificate for non-existing domain (testslsslfeb20.me) | 1353833 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:16Z | 2017-04-05T18:49:26Z |
GlobalSign: Incorrect Jurisdiction of Incorporation information for Japan | 1658932 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:33Z | 2020-08-13T14:20:38Z |
GlobalSign: Incorrect OCSP Delegated Responder Certificate | 1649937 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:29Z | 2020-07-02T01:12:27Z |
GlobalSign: Incorrect RegNumber-Org Type combination | 1714968 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:34Z | 2021-06-07T10:09:01Z |
GlobalSign: Invalid countryName | 1707073 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:35Z | 2021-04-22T19:16:07Z |
GlobalSign: Invalid stateOrProvinceName and locality pair | 1708834 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:12Z | 2021-04-30T21:55:45Z |
GlobalSign: Invalid stateOrProvinceName value | 1668007 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:13Z | 2020-09-29T13:50:05Z |
GlobalSign: IP in dnsName | 1524877 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:30Z | 2019-02-03T19:26:29Z |
GlobalSign: Issuance of test certificate (pre-certificate) for EV SSL/QWAC with no EKU extension | 1836443 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] | 2024-06-30T19:20:32Z | 2023-06-02T08:48:06Z |
GlobalSign: Misissuance of QWAC Certificates | 1623356 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [uncategorized] | 2023-02-22T18:16:31Z | 2020-03-18T15:18:06Z |
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields | 1390997 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:21:35Z | 2017-08-16T18:22:12Z |
GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName | 1393555 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:21:36Z | 2017-08-24T18:28:31Z |
GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits | 1393557 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] [ocsp-failure] | 2023-02-22T18:21:37Z | 2017-08-24T18:31:40Z |
GlobalSign: OCSP responder certificates with more than 64 characters in CN | 1760311 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:03Z | 2022-03-18T15:38:28Z |
GlobalSign: OCSP Responder Returns invalid values for Some Precertificates | 1579413 | RESOLVED | INVALID | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-06T13:16:29Z |
GlobalSign: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1605372 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:33Z | 2019-12-20T13:54:18Z |
GlobalSign: OCSP Status HTTP 530 | 1622505 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:14Z | 2020-03-14T09:46:51Z |
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31 | 1690807 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:36Z | 2021-02-04T15:17:11Z |
GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName | 1866806 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [smime-misissuance] | 2024-02-01T22:07:54Z | 2023-11-27T15:09:35Z |
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key | 1664328 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:15Z | 2020-09-10T23:20:29Z |
GlobalSign: SPKI lacks explicit NULL parameter, | 1554259 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:16:34Z | 2019-05-24T17:27:53Z |
GlobalSign: SSL Certificates with US country code and invalid State/Prov | 1575880 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:35Z | 2019-08-22T15:15:29Z |
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold” | 1845803 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2023-09-08T20:17:16Z | 2023-07-27T18:40:48Z |
GlobalSign: TLS OV Certificate containing unverified information | 1870276 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ov-misissuance] | 2024-01-24T17:37:06Z | 2023-12-15T14:52:39Z |
GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise | 1620922 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:16Z | 2020-03-09T07:55:46Z |
GlobalSign: Use of Domain Validation Random Value for more than 30 days | 1654544 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [dv-misissuance] | 2023-02-22T18:13:17Z | 2020-07-22T14:15:45Z |
GlobalSign: Virginia Tech Insufficient Serial Number Entropy | 1536760 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:36Z | 2019-03-20T10:35:05Z |
GlobalSign: Wrong business category (Non Commercial Entity when should have been Private Organization) | 1599775 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:32Z | 2019-11-27T15:06:13Z |
GoDaddy: Document Reuse Issue | 1646226 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:00Z | 2020-06-17T00:22:16Z |
GoDaddy: Action Items | 1341014 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:21:17Z | 2017-02-20T11:42:25Z |
GoDaddy: Agreed-Upon Website Domain Validation Method Issue | 1647030 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [dv-misissuance] | 2024-06-30T03:30:15Z | 2020-06-20T01:04:38Z |
GoDaddy: Certificates issued with validity periods greater than 398-days | 1662807 | RESOLVED | FIXED | Joanna | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:19:57Z | 2020-09-02T16:15:37Z |
GoDaddy: CPR responses greater than 24 hours | 1734953 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [policy-failure] | 2024-06-30T20:23:46Z | 2021-10-08T23:18:01Z |
GoDaddy: CPR was not responded to in 24 hours | 1902868 | RESOLVED | FIXED | Johnny | [ca-compliance] [policy-failure] | 2024-08-21T14:40:17Z | 2024-06-15T20:49:32Z |
GoDaddy: CRL Issuer Mismatch | 1829024 | RESOLVED | FIXED | daryn | [ca-compliance] [disclosure-failure] | 2023-05-05T20:09:23Z | 2023-04-19T23:38:58Z |
GoDaddy: CRLs are version 1 and lack CRL Number extension | 1793642 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [crl-failure] | 2023-01-15T18:11:01Z | 2022-10-04T16:55:34Z |
GoDaddy: cross certificate disclosure to CCADB | 1572234 | RESOLVED | FIXED | Joanna | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:58Z | 2019-08-07T21:41:17Z |
GoDaddy: Domain Validation Reuse Issue | 1605804 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:19:59Z | 2019-12-24T00:39:01Z |
GoDaddy: DV certificates with organizationalUnit field in subject | 1662810 | RESOLVED | FIXED | Joanna | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:00Z | 2020-09-02T16:19:52Z |
GoDaddy: Expired CRLs | 1645832 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [crl-failure] | 2023-02-22T18:17:02Z | 2020-06-15T15:59:20Z |
GoDaddy: Failure to respond to January 2018 survey | 1439123 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:37Z | 2018-02-17T16:12:18Z |
GoDaddy: Failure to revoke 210 subscriber certificates within 24 hours | 1793848 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:30Z | 2022-10-05T20:25:49Z |
GoDaddy: Failure to revoke certificate with compromised key within 24 hours | 1640310 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:03Z | 2020-05-22T22:29:58Z |
GoDaddy: Failure to revoke key-compromised certificates within 24 hours | 1639798 | RESOLVED | DUPLICATE | Joanna | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:01Z | 2020-05-21T06:55:17Z |
GoDaddy: Failure to Revoke Subscriber Certificates within 24 hours | 1742657 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:31Z | 2021-11-23T17:34:38Z |
GoDaddy: failure to revoke underscores | 1524815 | RESOLVED | FIXED | Joanna | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:02Z | 2019-02-03T00:05:02Z |
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462844 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:38Z | 2018-05-19T00:56:14Z |
GoDaddy: improperly encoded certificate issued by Go Daddy Secure Certification Authority | 988633 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:18Z | 2014-03-26T23:51:38Z |
GoDaddy: inconsistent disclosure of externally-operated intermediate | 1567061 | RESOLVED | FIXED | Joanna | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:03Z | 2019-07-18T04:15:50Z |
GoDaddy: Insufficient serial number entropy | 1533774 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:20:04Z | 2019-03-08T16:03:12Z |
GoDaddy: Issued EV Wildcard Certificate | 1731939 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:32Z | 2021-09-22T04:35:33Z |
GoDaddy: Issues with State and Country fields | 1577913 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:05Z | 2019-08-30T22:17:38Z |
GoDaddy: Misissuance of Cross Signed Certs | 1777128 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ca-misissuance] | 2023-02-22T18:14:33Z | 2022-06-28T22:50:42Z |
GoDaddy: Non-BR-Compliant Certificate Issuance | 1391429 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [dv-misissuance] | 2024-02-27T10:44:09Z | 2017-08-17T21:50:30Z |
GoDaddy: OV Documentation Reuse | 1759959 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:34Z | 2022-03-17T02:54:05Z |
GoDaddy: Random Value Vulnerability in Domain Validation Method | 1484766 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [dv-misissuance] | 2024-06-30T03:31:10Z | 2018-08-20T17:32:59Z |
GoDaddy: Reported TLS Certificate Private Key Exposure | 1742602 | RESOLVED | DUPLICATE | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:35Z | 2021-11-23T14:05:44Z |
GoDaddy: Root CRLs exceed maximum validity period by 1 second | 1734265 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [crl-failure] | 2023-02-22T18:14:36Z | 2021-10-06T00:24:22Z |
Google Trust Services: 63 bit serial numbers in some certificates | 1532842 | RESOLVED | FIXED | ryan_hurst | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:05Z | 2019-03-06T01:14:23Z |
Google Trust Services: Certificates not disclosed in CCADB | 1667844 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:51Z | 2020-09-28T18:02:27Z |
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3 | 1581183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [crl-failure] | 2023-02-22T18:13:20Z | 2019-09-13T17:48:53Z |
Google Trust Services: CRL validity period set to expected value plus one second | 1731164 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [crl-failure] | 2023-02-22T18:15:18Z | 2021-09-16T23:57:08Z |
Google Trust Services: Delayed publication of CPS removing DNS Operator Exception | 1729097 | RESOLVED | FIXED | Brett L | [ca-compliance] [policy-failure] | 2023-02-22T18:23:36Z | 2021-09-03T22:08:57Z |
Google Trust Services: digitalSignature KeyUsage not set | 1652581 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:21Z | 2020-07-13T21:30:47Z |
Google Trust Services: Failure to properly validate IP address | 1876593 | RESOLVED | FIXED | Google Trust Services | [ca-compliance] [dv-misissuance] | 2024-06-06T05:12:12Z | 2024-01-25T18:58:10Z |
Google Trust Services: Failure to provide preliminary report within 24h | 1770510 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [disclosure-failure] | 2023-05-04T21:31:12Z | 2022-05-20T20:38:40Z |
Google Trust Services: Failure to provide regular and timely incident updates | 1708516 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:23Z | 2021-04-29T18:27:28Z |
Google Trust Services: Failure to respond to CPR within 24 hours | 1837519 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [policy-failure] Next update 2023-Oct-27 | 2023-11-02T16:07:47Z | 2023-06-08T21:51:16Z |
Google Trust Services: Failure to revoke subscriber certificates within BR timeframe | 1715421 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:47Z | 2021-06-09T01:39:26Z |
Google Trust Services: Failure to send preliminary report to subscriber within 24h | 1783272 | RESOLVED | FIXED | kylepomalley | [ca-compliance] [policy-failure] | 2023-02-22T18:21:33Z | 2022-08-04T19:46:46Z |
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10 | 1706967 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [policy-failure] | 2023-02-22T18:13:24Z | 2021-04-22T12:31:45Z |
Google Trust Services: Improper OCSP response for intermediate certificate | 1522975 | RESOLVED | FIXED | kluge | [ca-compliance] [ocsp-failure] | 2023-02-22T18:21:05Z | 2019-01-25T21:00:40Z |
Google Trust Services: Incorrect OCSP response for issued certificate | 1758372 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:20Z | 2022-03-07T15:51:07Z |
Google Trust Services: Incorrect OCSP responses for certain certificates | 1773556 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:21Z | 2022-06-09T20:24:53Z |
Google Trust Services: Incorrect OCSP responses for new ICAs under test | 1882904 | RESOLVED | FIXED | Google Trust Services | [ca-compliance] [ocsp-failure] Next update 2024-04-26 | 2024-05-05T19:20:48Z | 2024-02-29T22:32:18Z |
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4 | 1634795 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:25Z | 2020-05-01T22:08:31Z |
Google Trust Services: incorrect SCT in certificate | 1815874 | RESOLVED | FIXED | James Longmore | [ca-compliance] [dv-misissuance] | 2023-03-20T17:05:08Z | 2023-02-09T13:33:20Z |
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses | 1678183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:26Z | 2020-11-19T01:07:08Z |
Google Trust Services: invalid CRL reason code | 1793467 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [crl-failure] | 2023-02-22T18:15:22Z | 2022-10-03T16:44:52Z |
Google Trust Services: invalid curve-hash combination | 1612389 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:27Z | 2020-01-30T16:35:02Z |
Google Trust Services: Invalid OCSP responses | 1630079 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:28Z | 2020-04-14T22:12:41Z |
Google Trust Services: Mis-issued certificates for citi.com subdomain due to lack of CAA record checking | 1809864 | RESOLVED | INVALID | James Longmore | [ca-compliance] [dv-misissuance] | 2024-05-09T23:21:26Z | 2023-01-12T11:25:14Z |
Google Trust Services: OCSP responses not published in a timely manner | 1771552 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:24Z | 2022-05-27T21:42:16Z |
Google Trust Services: OCSP serving issue 2020-04-09 | 1630040 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:29Z | 2020-04-14T20:03:13Z |
Google Trust Services: Out-of-date CPS disclosure | 1706976 | RESOLVED | INVALID | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-04-22T12:56:37Z |
Google Trust Services: Revocation data publication delay for revoked unused subordinate CAs | 1838707 | RESOLVED | FIXED | Nick Naziridis | [ca-compliance] Next update 2023-07-28 | 2023-07-28T22:11:25Z | 2023-06-15T18:34:36Z |
Google Trust Services: Signing SHA-1 Hash for existing CA certificate with changes in Key Usage | 1709223 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] [ca-misissuance] | 2023-02-22T18:24:52Z | 2021-05-03T23:38:30Z |
Google Trust Services: SXG certificates issued without correctly checking CAA restrictions | 1902670 | RESOLVED | FIXED | Google Trust Services | [ca-compliance] [uncategorized] | 2024-07-31T18:31:10Z | 2024-06-14T14:27:02Z |
Google Trust Services: Tracking bug for possible audit delays (audit due 2020-12) | 1625498 | RESOLVED | INVALID | kluge | [ca-compliance] [audit-delay] [covid-19] | 2022-11-14T22:22:57Z | 2020-03-27T16:02:20Z |
Google Trust Services: uses "DNSSec-mostly" and DTPs for DNS resolution | 1873739 | RESOLVED | INVALID | Google Trust Services | [ca-compliance] [uncategorized] [external] | 2024-02-09T18:18:32Z | 2024-01-09T19:34:53Z |
GRCA: ALV failures on intermediate certificates | 1614448 | RESOLVED | FIXED | National Development Council | [ca-compliance] [audit-failure] | 2024-06-30T19:45:39Z | 2020-02-10T19:45:20Z |
GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions | 1523221 | RESOLVED | FIXED | National Development Council | [ca-compliance] [uncategorized] | 2023-02-22T18:18:05Z | 2019-01-28T05:05:53Z |
GRCA: Misissued certificates: Invalid commonName, commonName not in SAN | 1463975 | RESOLVED | FIXED | National Development Council | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:06Z | 2018-05-24T03:50:51Z |
GRCA: Signing SHA-1 OCSP responses with unconstrained certificate | 1397832 | RESOLVED | FIXED | National Development Council | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:07Z | 2017-09-07T17:18:45Z |
HARICA: 3 EV TLS Certificates without L or ST | 1597135 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:07Z | 2019-11-17T20:13:11Z |
HARICA: Anomaly in OCSP services after CA software upgrade | 1878106 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ocsp-failure] | 2024-03-08T15:19:58Z | 2024-02-01T19:18:03Z |
HARICA: Certificates with invalid policy tree | 1699796 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:08Z | 2021-03-19T19:16:26Z |
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days | 1651465 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:20:09Z | 2020-07-08T19:47:06Z |
HARICA: Incorrect OCSP Delegated Responder Certificate | 1649945 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:10Z | 2020-07-02T01:40:46Z |
HARICA: Insufficient serial number entropy | 1535509 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:11Z | 2019-03-15T01:15:10Z |
HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1580393 | RESOLVED | INVALID | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-11T04:37:09Z |
HARICA: P-384,ecdsa-with-SHA256 Certificates | 1530971 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:13Z | 2019-02-27T10:18:46Z |
HARICA: subject:organizationIdentifier using VATEL as a prefix for tax identifier | 1872374 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ev-misissuance] | 2024-01-24T17:37:24Z | 2023-12-29T16:33:04Z |
HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates | 1535772 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:14Z | 2019-03-15T23:05:03Z |
Hongkong Post / Certizen: Failure to report misissuance | 1520299 | RESOLVED | FIXED | Man Ho | [ca-compliance] [policy-failure] | 2023-02-22T18:21:50Z | 2019-01-15T21:06:22Z |
Hongkong Post: Delayed response to CPR | 1886722 | RESOLVED | FIXED | Man Ho | [ca-compliance] [policy-failure] | 2024-08-28T21:36:57Z | 2024-03-21T11:36:56Z |
Hongkong Post: Invalid EV cert businessCategory | 1836694 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ev-misissuance] | 2023-09-29T15:35:32Z | 2023-06-05T03:11:11Z |
Hongkong Post: Subject CN converted to Unicode representation incident | 1804843 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ov-misissuance] | 2023-04-19T22:25:15Z | 2022-12-09T07:50:43Z |
Hongkong Post: TLS certificates with basicConstraints not marked as critical | 1887008 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ov-misissuance] | 2024-08-28T21:35:55Z | 2024-03-22T13:11:35Z |
Hongkong Post: TLS certificates with Certificate Policies extension that does not assert http scheme | 1886406 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ov-misissuance] | 2024-08-28T21:36:09Z | 2024-03-20T11:23:23Z |
IdenTrust: Bad OCSP Responses | 1806728 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-05-05T20:09:41Z | 2022-12-20T20:55:42Z |
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement | 1850807 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [policy-failure] | 2023-09-29T15:35:19Z | 2023-08-30T18:31:37Z |
IdenTrust: Certificate with missing details flagged by OCSP Watch | 1838315 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] Next update 2023-09-30 | 2023-10-12T10:25:58Z | 2023-06-13T19:55:42Z |
IdenTrust: Certificates with Invalid values for stateOrProvinceName | 1718552 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:33Z | 2021-06-28T17:20:19Z |
IdenTrust: CRL Potential Publication Delay due to Cache | 1775454 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:32Z | 2022-06-22T11:51:08Z |
IdenTrust: Delay beyond 5 days in revoking misissued certificates | 1851710 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2024-01-04T20:52:39Z | 2023-09-05T22:28:06Z |
IdenTrust: Delay Revocation for EV SSL Certificates | 1757247 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:34Z | 2022-02-25T22:50:18Z |
IdenTrust: Discrepancy in values of address fields within CN of SSL Certificates | 1526099 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:35Z | 2019-02-07T23:46:02Z |
IdenTrust: duplicate Certificate in error flagged by OCSP Watch | 1831004 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2024-05-09T19:13:23Z | 2023-05-02T22:00:45Z |
IdenTrust: EV TLS certificate with invalid Jurisdiction state for government entity | 1756261 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:36Z | 2022-02-18T23:40:47Z |
IdenTrust: EV TLS certificate with wrong jurisdiction state for private organization | 1756850 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:37Z | 2022-02-23T18:23:38Z |
IdenTrust: Expired CRL served | 1870402 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2024-06-30T18:38:39Z | 2023-12-15T22:32:23Z |
IdenTrust: Expired CRLs | 1792111 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:30Z | 2022-09-22T23:14:38Z |
IdenTrust: Expired ICAs CRLs | 1854465 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-11-02T16:07:11Z | 2023-09-21T20:14:19Z |
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days | 1542082 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:38Z | 2019-04-04T23:38:41Z |
IdenTrust: Failure to provide OCSP responses for valid ICA certificates | 1758213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:39Z | 2022-03-05T00:23:59Z |
IdenTrust: Failure to Revoke Subscriber Certificates Within 5 days | 1736706 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:40Z | 2021-10-19T20:57:55Z |
IdenTrust: Improper encoding of wildcard certificate | 1446121 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:41Z | 2018-03-15T19:45:15Z |
IdenTrust: Inaccurate CRL Details in CCADB | 1818833 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2023-03-20T17:04:44Z | 2023-02-24T22:53:18Z |
IdenTrust: Inconsistent Disclosure of Externally-Operated Intermediate | 1671410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2024-06-30T02:08:37Z | 2020-10-15T14:34:31Z |
IdenTrust: Incorrect Subject Details for HydrantId | 1635279 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:42Z | 2020-05-04T22:04:47Z |
IdenTrust: Intermitent interruptions to DNS service | 1734906 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:31Z | 2021-10-08T17:35:25Z |
IdenTrust: Intermittent issuance/validation failures and website outage | 1778788 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:25:27Z | 2022-07-08T22:01:52Z |
IdenTrust: Internal names / failure to report | 1500593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:43Z | 2018-10-19T20:46:40Z |
IdenTrust: Invalid OCSP Response Held in Cache | 1678410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:44Z | 2020-11-19T19:26:17Z |
IdenTrust: Invalid OrganizationIdentifier in S/MIME certificates | 1900492 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [smime-misissuance] | 2024-06-21T16:12:22Z | 2024-06-03T23:01:42Z |
IdenTrust: Invalid special characters in S/MIME Certificates | 1910195 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [smime-misissuance] | 2024-09-06T15:14:36Z | 2024-07-26T21:53:03Z |
IdenTrust: Issuance of certificates greater than 398 days | 1663080 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:45Z | 2020-09-03T22:20:58Z |
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days | 1744627 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:46Z | 2021-12-06T23:19:03Z |
IdenTrust: Issuance of Subordinate CA’s Without EKU | 1669594 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ca-misissuance] | 2023-02-22T18:25:47Z | 2020-10-06T22:01:50Z |
IdenTrust: Mis-Issued EV Certificates | 1734917 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:48Z | 2021-10-08T18:09:31Z |
IdenTrust: Mis-Issued EV Code Signing Certificate | 1796715 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [uncategorized] | 2023-02-22T18:25:49Z | 2022-10-20T23:55:06Z |
IdenTrust: Missing Revocation Reasons in CRL | 1794047 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:28Z | 2022-10-06T22:03:10Z |
IdenTrust: Missing Thumbprints for Intermediate CA certificates In Some Annual Audit Reports | 1588213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [audit-failure] | 2024-06-30T20:08:31Z | 2019-10-11T21:12:01Z |
IdenTrust: Non-BR-Compliant Certificate Issuance | 1391000 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] [ca-misissuance] [ev-misissuance] [disclosure-failure] | 2023-02-22T18:28:03Z | 2017-08-16T18:28:55Z |
IdenTrust: Non-BR-Compliant OCSP Responders | 1398255 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:04Z | 2017-09-08T17:57:19Z |
IdenTrust: OCSP Outage | 1636544 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:52Z | 2020-05-08T17:56:32Z |
IdenTrust: OCSP Responder missing id-pkix-ocsp-nocheck | 1653680 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:53Z | 2020-07-17T20:32:01Z |
IdenTrust: OCSP responses for subordinate CA exceed the validity period per CPS guidelines | 1772633 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:54Z | 2022-06-03T22:38:49Z |
IdenTrust: OCSP Signer Certificate Missing No-Check Extension | 1749089 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:55Z | 2022-01-08T01:12:16Z |
IdenTrust: Pre-certificates without a final certificate showing OCSP error | 1758027 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:56Z | 2022-03-04T00:51:29Z |
IdenTrust: S/MIME certificates issued in violation of New S/MIME Baseline Requirements v1.0 | 1853783 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [smime-misissuance] | 2024-01-26T17:08:14Z | 2023-09-18T21:07:16Z |
IdenTrust: Service Degradation | 1677239 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:57Z | 2020-11-14T00:17:58Z |
IdenTrust: Temporarily Expired CRLs | 1853447 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] Next update 2023-10-02 | 2023-10-12T10:26:30Z | 2023-09-15T19:10:08Z |
IdenTrust: Temporary Errors in Test Website Certificates | 1883792 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [policy-failure] | 2024-06-30T19:12:54Z | 2024-03-05T23:55:53Z |
IdenTrust: test certificates inadvertently published in production environment | 1876871 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [smime-misissuance] [ov-misissuance] | 2024-06-30T19:21:55Z | 2024-01-26T23:19:03Z |
IdenTrust: TLS ICA with User Notice in Policy Qualifier | 1897569 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ca-misissuance] | 2024-08-23T15:35:08Z | 2024-05-17T23:59:46Z |
IdenTrust: Unavailable CRL and OCSP Responders | 1754593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:25:58Z | 2022-02-09T22:58:18Z |
IdenTrust: Unavailable CRL for IdenTrust ‘DST Root CA X3’. | 1709192 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:59Z | 2021-05-03T20:42:49Z |
IdenTrust: Undisclosed Unrevoked ICAs | 1598807 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] [ca-revocation-delay] [covid-19] | 2023-02-22T18:26:00Z | 2019-11-23T00:15:28Z |
IdenTrust: unintended creation of a Root CA certificate | 1895006 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ca-misissuance] | 2024-08-23T15:34:51Z | 2024-05-03T20:19:30Z |
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed | 1753287 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2024-07-08T21:40:25Z | 2022-02-02T19:33:14Z |
IP certificate issued with Domain Validation | 1550547 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-05-09T18:18:10Z |
iTrusChina: CRL Reason Codes | 1907949 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] [crl-failure] [external] | 2024-08-28T21:30:48Z | 2024-07-15T16:38:29Z |
iTrusChina: Failure to Respond to May 2022 Survey | 1772412 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] [disclosure-failure] | 2023-03-20T15:03:39Z | 2022-06-02T21:40:10Z |
iTrusChina: verification errors for the roots' CRLs(ARL) | 1712664 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] [crl-failure] | 2023-02-22T18:28:06Z | 2021-05-25T02:22:58Z |
Izenpe: certificate issued to internal domain | 1651026 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:23Z | 2020-07-07T10:24:09Z |
Izenpe: Certificates not disclosed in CCADB | 1667846 | RESOLVED | INVALID | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-09-28T18:07:32Z |
Izenpe: CRL and ARL exceed validity period value by one second | 1738421 | RESOLVED | FIXED | David | [ca-compliance] [crl-failure] | 2023-02-22T18:16:10Z | 2021-10-29T09:09:30Z |
Izenpe: EV certificate with various issues | 1267049 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:21Z | 2016-04-24T12:16:09Z |
Izenpe: Failure to provide a preliminary report within 24 hours. | 1647121 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [disclosure-failure] | 2023-02-22T18:23:24Z | 2020-06-21T09:43:38Z |
Izenpe: Failure to revoke within 5 days | 1656487 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:25Z | 2020-07-31T12:43:21Z |
Izenpe: incorrect value in stateOrProvinceName | 1653284 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:27Z | 2020-07-16T15:18:49Z |
Izenpe: Intermediate CA certificates not listed in audit report | 1596744 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [audit-failure] | 2024-06-30T20:08:48Z | 2019-11-15T14:22:33Z |
Izenpe: intermediate certificates not revoked within BR time period | 1598608 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:23:28Z | 2019-11-22T12:53:57Z |
Izenpe: Multiple invalid EV certificates issued | 1559765 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:29Z | 2019-06-17T09:52:50Z |
Izenpe: Multiple sub CAs with incorrectly encoded SubjectPublicKeyInfo algorithm | 1685767 | RESOLVED | DUPLICATE | Oscar Garcia | [ca-compliance] [ca-misissuance] | 2023-02-22T18:23:30Z | 2021-01-08T17:52:05Z |
Izenpe: Non-BR-Compliant Certificate Issuance | 1391054 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:31Z | 2017-08-16T20:46:31Z |
Izenpe: Non-BR-Compliant OCSP Responders | 1398258 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ocsp-failure] | 2023-02-22T18:23:32Z | 2017-09-08T17:59:32Z |
Izenpe: Not allowed Qualifier ID OID on Certificate Policies extension | 1876565 | RESOLVED | FIXED | David | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2024-04-06T02:31:35Z | 2024-01-25T16:19:00Z |
Izenpe: OU > 64 characters | 1528290 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:33Z | 2019-02-15T16:15:28Z |
Kamu SM: "Some-State" in stateOrProvinceName | 1551369 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:53Z | 2019-05-14T00:30:37Z |
KAMU SM: commonName not in SAN | 1847193 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-09-29T15:36:29Z | 2023-08-04T11:02:03Z |
Kamu SM: Insufficient Serial Number Entropy | 1539190 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:54Z | 2019-03-26T16:14:28Z |
Kamu SM: Non-BR-Compliant Certificate Issuance | 1390998 | RESOLVED | FIXED | Tuğba ÖZCAN | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:43Z | 2017-08-16T18:25:36Z |
KIR S.A.: Certificates issued greater than stated in CPS | 1708965 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:19Z | 2021-05-02T08:39:21Z |
KIR S.A.: Certificates issued with multiple BR violations | 1495497 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:24:20Z | 2018-10-01T17:51:30Z |
KIR S.A.: CN domain not in SAN | 1705187 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:21Z | 2021-04-14T19:45:55Z |
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains | 1705904 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2023-02-22T18:24:23Z | 2021-04-17T17:55:45Z |
KIR S.A.: Delayed revocations of certificates | 1709872 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:24Z | 2021-05-06T14:44:49Z |
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName | 1705832 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:25Z | 2021-04-16T21:10:15Z |
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown | 1705337 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:26Z | 2021-04-15T09:15:44Z |
KIR S.A.: Invalid organizationName | 1705647 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:27Z | 2021-04-16T07:43:50Z |
KIR S.A.: Many certificates with OCSP Unknown | 1705657 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:28Z | 2021-04-16T08:13:53Z |
KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days | 1523186 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:29Z | 2019-01-27T19:40:18Z |
KIR S.A.: O > 64 characters | 1532112 | RESOLVED | DUPLICATE | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:30Z | 2019-03-03T00:36:14Z |
Let's Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions | 1576789 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [ocsp-failure] | 2024-05-09T23:25:12Z | 2019-08-27T00:18:47Z |
Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines | 1666047 | RESOLVED | FIXED | Kiel C | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:55Z | 2020-09-18T23:39:32Z |
Let's Encrypt: CAA Misissuances | 1398427 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:48Z | 2017-09-09T05:06:45Z |
Let's Encrypt: CAA Rechecking bug | 1619047 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:47Z | 2020-02-29T05:48:37Z |
Let's Encrypt: Case-sensitive CAA tag processing | 1462735 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [uncategorized] | 2023-02-22T18:18:49Z | 2018-05-18T18:19:49Z |
Let's Encrypt: certificate lifetimes 90 days plus one second | 1715455 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2024-01-10T13:38:25Z | 2021-06-09T07:15:17Z |
Let's Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys | 1789521 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [dv-misissuance] | 2024-05-09T23:24:57Z | 2022-09-06T22:45:26Z |
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist | 1319609 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [dv-misissuance] | 2023-02-22T18:21:22Z | 2016-11-23T00:37:51Z |
Let's Encrypt: Delay updating OCSP responses | 1729567 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [ocsp-failure] | 2023-02-22T18:10:11Z | 2021-09-07T22:06:04Z |
Let's Encrypt: Delayed revocation for removed gTLD | 1795483 | RESOLVED | FIXED | James Renken | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:02Z | 2022-10-14T21:45:14Z |
Let's Encrypt: Duplicate Serial Numbers | 1838667 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [dv-misissuance] Next update 2023-07-27 | 2023-07-05T19:33:50Z | 2023-06-15T16:03:51Z |
Let's Encrypt: End Entity CRLs Not Reissued On Time | 1799755 | RESOLVED | FIXED | J.C. Jones [:jcj] (he/they) | [ca-compliance] [crl-failure] | 2024-05-09T23:24:49Z | 2022-11-08T21:28:58Z |
Let's Encrypt: Expired ISRG Root OCSP X1 Certificate | 1645276 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:03Z | 2020-06-12T01:54:59Z |
Let's Encrypt: Failure to audit log subscriber certificate OCSP updates | 1684112 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:04Z | 2020-12-23T22:46:24Z |
Let's Encrypt: Failure to provide OCSP Responses for some certificates | 1753123 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [ocsp-failure] | 2023-01-04T17:50:21Z | 2022-02-01T23:12:23Z |
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident | 1715672 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:10:13Z | 2021-06-10T00:12:29Z |
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours | 1639794 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:48Z | 2020-05-21T06:33:06Z |
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1625322 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:51Z | 2020-03-26T22:22:26Z |
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1627614 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:52Z | 2020-04-06T09:01:48Z |
Let's Encrypt: Improper encoding of wildcard certificates | 1446080 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:53Z | 2018-03-15T18:30:49Z |
Let's Encrypt: Incomplete and Inconsistent CRLs | 1793114 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [crl-failure] | 2023-02-22T18:11:50Z | 2022-09-30T18:04:02Z |
Let's Encrypt: Incomplete revocation for CAA rechecking bug | 1619179 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:54Z | 2020-03-02T01:26:51Z |
Let's Encrypt: intent to issue root and intermediate certificates with organizationName and CABF DV OID | 1658437 | RESOLVED | WORKSFORME | Josh Aas | [ca-compliance] | 2024-05-09T19:16:46Z | 2020-08-10T22:06:28Z |
Let's Encrypt: keyCompromise key blocking deviation from CP/CPS | 1886876 | RESOLVED | FIXED | J.C. Jones [:jcj] (he/they) | [ca-compliance] [policy-failure] | 2024-04-17T17:38:31Z | 2024-03-21T20:45:28Z |
Let's Encrypt: Mis-issued certificates related to SC48v2 | 1735247 | RESOLVED | FIXED | Jillian | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:15Z | 2021-10-11T23:29:13Z |
Let's Encrypt: Non-BR-Compliant Certificate Issuance | 1391867 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:55Z | 2017-08-19T00:14:01Z |
Let's Encrypt: OCSP "unauthorized" responses | 1486650 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:56Z | 2018-08-27T23:15:00Z |
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1577652 | RESOLVED | INVALID | Jacob Hoffman-Andrews | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-08-29T23:34:57Z |
Let's Encrypt: OCSP responses with no revocationReason | 1648840 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:50Z | 2020-06-26T19:19:31Z |
Let's Encrypt: Potential Denial of Service against websites with broad private key reuse | 1742704 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [uncategorized] | 2024-05-09T19:15:02Z | 2021-11-23T21:14:42Z |
Let's Encrypt: TLS Using ALPN Allows Additional Identifiers in Challenge Certificate | 1752670 | RESOLVED | FIXED | Jillian | [ca-compliance] [dv-misissuance] | 2024-05-09T23:25:04Z | 2022-01-29T04:28:58Z |
Let's Encrypt: TLS Using ALPN TLS Version and OID | 1751984 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [dv-misissuance] | 2023-02-22T18:11:51Z | 2022-01-25T19:40:00Z |
LuxTrust: Outdated audit statement for intermediate certificate | 1578505 | RESOLVED | FIXED | ca | [ca-compliance] [audit-failure] | 2024-06-30T20:09:07Z | 2019-09-03T18:26:59Z |
LuxTrust: Overdue Audit Statements 2019 | 1566580 | RESOLVED | WORKSFORME | Yves Nullens | [ca-compliance] Overdue Audits for root certs | 2022-11-14T22:22:57Z | 2019-07-16T20:01:45Z |
Microsec: ALV Failures | 1625767 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [audit-failure] | 2024-06-30T19:45:59Z | 2020-03-29T15:37:59Z |
Microsec: Certificate validity period greater than 398 days | 1676352 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:02Z | 2020-11-10T10:49:41Z |
Microsec: Disallowed subject attribute field in DV certificate | 1889699 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [dv-misissuance] | 2024-08-28T21:34:58Z | 2024-04-04T17:01:58Z |
Microsec: Failure to revoke noncompliant ICA within 7 days | 1651632 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:27:05Z | 2020-07-09T10:16:34Z |
Microsec: Findings in 2023 Audit | 1865880 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [audit-finding] | 2024-02-14T21:24:46Z | 2023-11-21T17:11:36Z |
MICROSEC: Incident report - No OCSP status response for 2 Precertificates | 1844514 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ocsp-failure] | 2024-03-13T12:35:39Z | 2023-07-20T07:46:57Z |
Microsec: Incorrect OCSP Delegated Responder Certificate | 1649947 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ocsp-failure] | 2023-02-22T18:27:06Z | 2020-07-02T01:43:03Z |
Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields | 1622539 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:07Z | 2020-03-14T16:19:37Z |
Microsec: Late response to a CPR | 1886998 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [policy-failure] | 2024-08-28T21:32:49Z | 2024-03-22T12:22:34Z |
Microsec: Misissuance an EV TLS certificate without CPSuri | 1886257 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ev-misissuance] | 2024-08-28T21:32:32Z | 2024-03-19T18:23:18Z |
Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment | 1728384 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:08Z | 2021-08-31T17:51:11Z |
Microsec: Non-BR-Compliant Certificate Issuance | 1391055 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:03Z | 2017-08-16T20:50:39Z |
Microsec: Validity period greater than 825 days | 1512270 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [uncategorized] | 2023-02-22T18:27:09Z | 2018-12-05T19:10:00Z |
Microsoft DSRE PKI: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1620727 | RESOLVED | DUPLICATE | Dustin Hollenback | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:55Z | 2020-03-07T01:18:36Z |
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work | 1604124 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] | 2023-02-22T18:16:56Z | 2019-12-16T10:08:09Z |
Microsoft PKI Services: "unknown" OCSP response for issued certificates | 1793443 | RESOLVED | FIXED | John Mason | [ca-compliance] [ocsp-failure] | 2024-05-09T23:28:02Z | 2022-10-03T14:03:39Z |
Microsoft PKI Services: 3-Month Access Review Process Failure | 1848280 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] Next update 2023-10-23 | 2023-10-12T10:24:57Z | 2023-08-11T06:18:20Z |
Microsoft PKI Services: CA Certificates not published in DER Encoded Format | 1884461 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] | 2024-05-20T04:13:20Z | 2024-03-08T23:12:03Z |
Microsoft PKI Services: Certificate Mis-Issuance, DNSName is not FQDN, Preferred Name Syntax | 1706860 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:20Z | 2021-04-22T05:11:43Z |
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD | 1670337 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2024-01-16T01:00:23Z | 2020-10-09T22:39:52Z |
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing | 1644936 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2024-05-09T23:27:56Z | 2020-06-11T01:44:46Z |
Microsoft PKI Services: CRL Publication Failures | 1842121 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [crl-failure] Next update 2023-08-18 | 2023-09-29T15:34:35Z | 2023-07-07T01:46:36Z |
Microsoft PKI Services: DV certificate issued with OV fields | 1674561 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:57Z | 2020-10-31T13:25:42Z |
Microsoft PKI Services: Failure to disclose Revocation of Intermediate CAs within 7 Days | 1742195 | RESOLVED | FIXED | John Mason | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:22Z | 2021-11-20T00:35:58Z |
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days | 1700809 | RESOLVED | FIXED | John Mason | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:23Z | 2021-03-25T00:35:16Z |
Microsoft PKI Services: Failure to modify policy documents within 365 days | 1817023 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [disclosure-failure] | 2024-05-09T23:28:04Z | 2023-02-15T20:02:20Z |
Microsoft PKI Services: Firewall log data retention | 1658995 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [uncategorized] | 2024-05-09T23:27:58Z | 2020-08-13T21:17:21Z |
Microsoft PKI Services: Incomplete Logical Access Review Audit Evidence | 1652827 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] | 2024-06-30T18:52:20Z | 2020-07-14T18:12:02Z |
Microsoft PKI Services: Invalid Email Address for CPRs | 1904257 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] [external] | 2024-06-30T20:24:53Z | 2024-06-23T18:11:49Z |
Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586847 | RESOLVED | FIXED | Jason Cooper | [ca-compliance] [ca-misissuance] | 2024-05-09T23:27:52Z | 2019-10-07T17:28:29Z |
Microsoft PKI Services: Loss of Archived Firewall logs from Retention Store | 1602999 | RESOLVED | FIXED | mohanr | [ca-compliance] [uncategorized] | 2024-05-09T23:27:54Z | 2019-12-11T01:48:02Z |
Microsoft PKI Services: Malformed ICAs (Key Usage Malformed) | 1718991 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2024-05-09T19:16:04Z | 2021-07-02T19:45:34Z |
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions) | 1711147 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:24Z | 2021-05-13T22:59:51Z |
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs | 1598390 | RESOLVED | FIXED | Julio Montano | [ca-compliance] [ca-misissuance] | 2024-05-09T23:27:53Z | 2019-11-21T18:24:05Z |
Microsoft PKI Services: OCSP Responder does not know a Certificate | 1879552 | RESOLVED | FIXED | John Mason | [ca-compliance] [ocsp-failure] | 2024-03-29T15:03:07Z | 2024-02-09T15:10:34Z |
Microsoft PKI Services: Overdue Audit Reports 2021 | 1724530 | RESOLVED | FIXED | mohanr | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:46:23Z | 2021-08-06T23:24:25Z |
Microsoft PKI Services: Policy Documentation, Failure to update Domain Validation Method | 1693932 | RESOLVED | FIXED | John Mason | [ca-compliance] [policy-failure] | 2023-02-22T18:20:25Z | 2021-02-20T00:54:20Z |
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period | 1693930 | RESOLVED | FIXED | John Mason | [ca-compliance] [policy-failure] | 2023-02-22T18:20:26Z | 2021-02-20T00:46:40Z |
Microsoft PKI Services: Trusted Role Control Failure | 1848279 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] Next update 2023-10-23 | 2023-10-12T10:25:15Z | 2023-08-11T06:16:06Z |
Microsoft PKI Services: Underscore in SAN | 1705419 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:27Z | 2021-04-15T14:32:01Z |
Microsoft PKI Services: Unrevoked 4 intermediate certificates | 1740585 | RESOLVED | FIXED | John Mason | [ca-compliance] [crl-failure] | 2024-05-09T23:28:00Z | 2021-11-10T19:23:37Z |
Microsoft PKI Services: Vulnerability Management Exception Tracking | 1906028 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [audit-finding] | 2024-08-15T13:37:01Z | 2024-07-03T03:40:36Z |
Multicert: AIA CA Issuer field pointing to PEM encoded cert | 1637093 | RESOLVED | FIXED | ca.forum | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:13Z | 2020-05-11T22:24:22Z |
NAVER Cloud Trust Services: Certificate issued with incorrect OCSP URI in AIA | 1908128 | RESOLVED | FIXED | Hogeun Yoo | [ca-compliance] [ocsp-failure] | 2024-08-28T21:29:54Z | 2024-07-16T13:28:05Z |
NAVER Cloud Trust Services: commonName not in SAN | 1845269 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [ov-misissuance] | 2023-09-29T15:35:46Z | 2023-07-25T10:56:46Z |
NAVER Cloud Trust Services: DV Certificate issued with improperly validated | 1866448 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [dv-misissuance] | 2024-02-14T21:28:36Z | 2023-11-24T10:14:40Z |
NAVER Cloud Trust Services: DV certificate issued with no subject alternative name extension | 1785865 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [dv-misissuance] | 2024-05-09T23:31:11Z | 2022-08-18T17:25:01Z |
NAVER Cloud Trust Services: Failure to Respond to May 2022 Survey | 1772411 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [disclosure-failure] | 2024-05-09T23:31:18Z | 2022-06-02T21:38:27Z |
NAVER Cloud Trust Services: Incorrect keyUsage for ECC certificate | 1908130 | RESOLVED | FIXED | Hogeun Yoo | [ca-compliance] [ov-misissuance] | 2024-08-28T21:30:09Z | 2024-07-16T13:34:57Z |
NAVER Cloud Trust Services: OV certificate issued with OU field | 1843268 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [ov-misissuance] | 2024-05-09T23:31:05Z | 2023-07-13T11:39:18Z |
NetLock: CN not in SAN | 1462423 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:50Z | 2018-05-17T18:05:51Z |
NETLOCK: CPS 1.5.2. problem and contact information update | 1907568 | RESOLVED | FIXED | Nikolett | [ca-compliance] [policy-failure] | 2024-09-06T15:16:25Z | 2024-07-12T13:29:39Z |
NETLOCK: CRL Error on CRL Watch of NETLOCK DVCA CRL | 1843173 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [crl-failure] | 2023-09-29T15:33:49Z | 2023-07-12T21:02:07Z |
NetLock: Cumulative report connected to EV verification | 1676440 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:51Z | 2020-11-10T16:42:36Z |
Netlock: Delayed reply from CPR sent to contact listed in section 1.5.2 of CP/S | 1906115 | RESOLVED | FIXED | Nikolett | [ca-compliance] [policy-failure] | 2024-08-28T21:31:54Z | 2024-07-03T14:05:41Z |
NetLock: Delayed revocation report connected to ticket 1680378 | 1688844 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:27:52Z | 2021-01-26T10:45:33Z |
NETLOCK: Disclosed CRL is expired | 1819105 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [crl-failure] | 2023-09-29T15:33:37Z | 2023-02-27T16:06:21Z |
Netlock: Error in latest audit report | 1718517 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [audit-failure] | 2024-05-09T23:20:15Z | 2021-06-28T10:49:27Z |
NetLock: Failure to provide regular and timely incident updates | 1572992 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [policy-failure] | 2023-02-22T18:27:53Z | 2019-08-11T00:57:37Z |
NetLock: Failure to revoke noncompliant ICA within 7 days | 1656882 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:27:48Z | 2020-08-03T13:31:12Z |
NetLock: Intermediate CA Certificate Missing from Audit Reports | 1716874 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] [audit-failure] | 2024-06-30T20:09:34Z | 2021-06-16T20:28:57Z |
NETLOCK: Invalid CT data in issued certs (SABRE.CT misconfiguration) | 1824435 | RESOLVED | INVALID | Tamás Horváth | [ca-compliance] [ov-misissuance] | 2023-05-04T22:02:51Z | 2023-03-24T18:38:54Z |
NetLock: Issuance of >398-day precertificates after 2020-09-01 | 1676367 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:54Z | 2020-11-10T11:25:43Z |
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586795 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ca-misissuance] | 2023-02-22T18:27:55Z | 2019-10-07T15:30:31Z |
NetLock: Non-BR-Compliant Certificate Issuance | 1391056 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] [disclosure-failure] | 2023-02-22T18:27:56Z | 2017-08-16T20:52:45Z |
NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName | 1401211 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:57Z | 2017-09-19T14:44:14Z |
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates | 1889570 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [ev-misissuance] | 2024-08-28T21:32:12Z | 2024-04-04T08:18:19Z |
NETLOCK: Pre-certificates revoked with certificateHold reason | 1830823 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] | 2023-08-04T16:10:19Z | 2023-05-02T03:33:54Z |
Netlock: Problem with NETLOCK's codesigning CA | 1734114 | RESOLVED | INVALID | Anna Bányai | [ca-compliance] | 2024-05-09T19:15:29Z | 2021-10-05T10:11:30Z |
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit | 1680378 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:32Z | 2020-12-02T22:40:39Z |
NETLOCK: SSL certificates with OU field | 1820174 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [ov-misissuance] | 2023-07-28T22:14:47Z | 2023-03-03T13:53:22Z |
NETLOCK: SSL certificates with OU field - revocation delay | 1822809 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [leaf-revocation-delay] | 2023-09-29T15:34:03Z | 2023-03-16T13:19:45Z |
Network Solutions: Audit report delay | 1649507 | RESOLVED | FIXED | Roy Dykes | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:46:45Z | 2020-06-30T16:46:15Z |
Network Solutions: 2021 Audit Findings 1-3 | 1725047 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:56Z | 2021-08-10T22:42:41Z |
Network Solutions: 2021 Audit Observation #1 | 1725039 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:57Z | 2021-08-10T22:29:15Z |
Network Solutions: 2021 Audit Observation #2 | 1725041 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:59Z | 2021-08-10T22:34:00Z |
Network Solutions: 2021 Audit Observation #3 | 1725043 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:21:00Z | 2021-08-10T22:35:57Z |
Network Solutions: All test CA test website certificates are expired | 1726333 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [uncategorized] | 2023-02-22T18:21:01Z | 2021-08-18T10:57:19Z |
PKIoverheid / QuoVadis: CPS inconsistencies | 1650234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [policy-failure] | 2023-02-22T18:26:13Z | 2020-07-02T21:57:00Z |
PKIoverheid: (KPN) Incorrect Subject OrganizationName | 1746421 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:22Z | 2021-12-16T15:26:25Z |
PKIoverheid: CIBG insufficient serial number entropy | 1573490 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:36Z | 2019-08-13T13:48:08Z |
PKIoverheid: Compliance issues CIBG TLS certificates | 1578809 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:17Z | 2019-09-04T17:14:00Z |
PKIoverheid: Delayed audit statements for intermediate CAs | 1843265 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2024-03-27T16:06:27Z | 2023-07-13T11:05:00Z |
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652604 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:20:37Z | 2020-07-13T23:08:45Z |
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652922 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:15:09Z | 2020-07-15T07:37:39Z |
PKIoverheid: Incorrect OCSP Delegated Responder Certificate | 1649964 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:38Z | 2020-07-02T01:51:36Z |
PKIoverheid: KPN CPS lacks CPR problem reporting instructions | 1596923 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [policy-failure] | 2024-06-30T20:25:19Z | 2019-11-15T21:23:24Z |
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6 | 1719451 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] [policy-failure] | 2023-02-22T18:16:23Z | 2021-07-07T11:34:19Z |
PKIoverheid: KPN Insufficient Serial Number Entropy | 1535871 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:20:18Z | 2019-03-16T23:38:13Z |
PKIoverheid: KPN issued Invalid organizationalUnitName | 1706950 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:40Z | 2021-04-22T11:27:31Z |
PKIoverheid: Missing intermediate CA certificates in WTBR audit statements Staat der Nederlanden 2017/2018 | 1605126 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2024-06-30T20:11:17Z | 2019-12-19T15:11:44Z |
PKIoverheid: Missing Intermediate CA from audit statement | 1609706 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2024-06-30T20:10:26Z | 2020-01-16T16:02:50Z |
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs | 1586125 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2024-06-30T20:11:37Z | 2019-10-03T22:31:04Z |
PKIoverheid: Overdue audit statements for intermediate certificates | 1669518 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:47:11Z | 2020-10-06T15:59:19Z |
PKIoverheid: TSP CPS lacks problem reporting instructions | 1610507 | RESOLVED | DUPLICATE | Jorik van 't Hof | [ca-compliance] [policy-failure] | 2023-02-22T18:20:46Z | 2020-01-21T13:36:15Z |
Private keys for certificates exposed through their web server | 1378074 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:25Z | 2017-07-04T08:50:18Z |
PROCERT: Non-BR-Compliant Certificate Issuance | 1391058 | RESOLVED | DUPLICATE | Procert | [ca-compliance] [uncategorized] | 2023-02-22T18:22:57Z | 2017-08-16T20:57:02Z |
QuoVadis / Freistaat Bayern: Non-BR-compliant Key Usage | 1468477 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2024-05-09T23:37:23Z | 2018-06-13T12:54:22Z |
QuoVadis / PKIoverheid: incorrect OCSP response for precertificate | 1724276 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:42Z | 2021-08-05T18:40:48Z |
QuoVadis / Siemens: Insufficient serial number entropy | 1534535 | RESOLVED | FIXED | Rufus Buschart | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:04Z | 2019-03-12T07:37:16Z |
QuoVadis: BR Error - san dns name starts with period | 1521950 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:16Z | 2019-01-22T22:10:07Z |
QuoVadis: EV serialNumber with "none" | 1645708 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:17Z | 2020-06-14T21:43:34Z |
QuoVadis: Failure to revoke certificates with compromised private keys | 1624504 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:26:18Z | 2020-03-24T01:02:25Z |
QuoVadis: Incorrect EV businessCategory | 1593357 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:19Z | 2019-11-01T21:20:00Z |
QuoVadis: IPaddress in DNSname SAN | 1530623 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:20Z | 2019-02-26T09:12:26Z |
QuoVadis: LLB insufficient Serial Number Entropy | 1540315 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [uncategorized] | 2023-02-22T18:26:21Z | 2019-03-29T23:33:45Z |
QuoVadis: N/A in EV serialNumber field | 1576283 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:22Z | 2019-08-23T22:05:48Z |
QuoVadis: OCSP handling of Certificate Transparency Pre-certs | 1579950 | RESOLVED | INVALID | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-09T18:24:47Z |
QuoVadis: Unconstrained CAs missing audits | 1581597 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] [covid-19] | 2023-02-22T18:26:24Z | 2019-09-16T18:42:56Z |
QuoVadis: Certificate containing Debian weak key | 1472052 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:25Z | 2018-06-29T01:12:49Z |
QuoVadis: DarkMatter Insufficient Serial Number Entropy | 1531800 | RESOLVED | FIXED | Scott Rea | [ca-compliance] [ca-misissuance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:26:07Z | 2019-03-01T16:19:06Z |
QuoVadis: EV JOI Issue | 1581234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:26Z | 2019-09-13T22:22:25Z |
QuoVadis: Failure to provide a preliminary report within 24 hours | 1762456 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2022-03-31T19:01:43Z |
QuoVadis: Failure to provide a preliminary report within 24 hours. | 1649880 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [disclosure-failure] | 2023-02-22T18:26:27Z | 2020-07-01T21:05:09Z |
QuoVadis: failure to reply to CPR in a timely manner | 1590171 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [policy-failure] | 2024-06-30T20:25:51Z | 2019-10-21T17:17:06Z |
QuoVadis: Failure to revoke within 7 days: OCSP EKU issue | 1651553 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] [ocsp-failure] | 2023-02-22T18:26:29Z | 2020-07-09T00:51:12Z |
QuoVadis: hostnames not in preferred name syntax | 1738472 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:31Z | 2021-10-29T16:44:31Z |
QuoVadis: improper countryName format | 1493760 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:32Z | 2018-09-24T18:07:26Z |
QuoVadis: Incorrect EV jurisdiction of incorporation information | 1589047 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:33Z | 2019-10-16T10:41:58Z |
QuoVadis: Incorrect keyUsage for ECC certificate | 1667518 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:34Z | 2020-09-26T03:15:20Z |
QuoVadis: Incorrect OCSP Delegated Responder Certificate | 1649938 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:35Z | 2020-07-02T01:17:21Z |
Quovadis: Insufficient Serial Number Entropy | 1533899 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-03-08T22:01:46Z |
QuoVadis: IP in dnsName | 1524879 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:36Z | 2019-02-03T19:43:33Z |
QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs | 1586792 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-misissuance] | 2023-02-22T18:26:37Z | 2019-10-07T15:24:29Z |
QuoVadis: Multiple unreported misissuances in 2018 | 1519260 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:38Z | 2019-01-10T23:29:21Z |
QuoVadis: Non-BR-Compliant Certificate Issuance | 1391063 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] [remediation-accepted] | 2023-02-22T18:26:08Z | 2017-08-16T21:05:29Z |
QuoVadis: Non-BR-Compliant issuance --improper characters in DNSName (BIT sub-CA) | 1430909 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:10Z | 2018-01-16T22:28:17Z |
QuoVadis: Non-BR-Compliant OCSP Responder | 1426238 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:11Z | 2017-12-19T21:22:13Z |
QuoVadis: Recap of BR Compliance in 2018 issuance by external subCAs | 1519265 | VERIFIED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-01-10T23:47:58Z |
QuoVadis: revocation services validity set to expected value plus one second | 1733000 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:26:39Z | 2021-09-28T22:42:07Z |
QuoVadis: Unconstrained CAs revocation | 1599916 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:26:40Z | 2019-11-27T21:57:43Z |
QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17) | 1563917 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:41Z | 2019-07-06T15:42:34Z |
SECOM: "Default City" in Subject:localityName | 1548714 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:09Z | 2019-05-02T23:53:31Z |
SECOM: Ambiguity on KeyUsage with ECC public key | 1560234 | RESOLVED | INVALID | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-06-20T01:59:05Z |
SECOM: certificate for .test TLD | 1524452 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:12Z | 2019-02-01T04:03:25Z |
SECOM: certificate for which “L” and “ST” not set | 1544722 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:13Z | 2019-04-16T10:11:22Z |
SECOM: certificate for which “OU=-” | 1544712 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:14Z | 2019-04-16T09:42:44Z |
SECOM: Certificates Issued with lower case value in subject:countryName | 1896596 | RESOLVED | FIXED | ONO Fumiaki | [ca-compliance] [ov-misissuance] | 2024-07-24T19:20:50Z | 2024-05-14T09:50:14Z |
SECOM: CP/CPS does not clearly specify domain validation methods | 1705480 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [policy-failure] | 2023-02-22T18:18:15Z | 2021-04-15T17:41:50Z |
SECOM: CrossTrust: OU > 64 characters | 1532105 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:16Z | 2019-03-03T00:06:46Z |
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue | 1652610 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:18:08Z | 2020-07-13T23:18:28Z |
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates | 1707229 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:17Z | 2021-04-23T12:56:12Z |
SECOM: Difference in upper and lower case between CN field and SAN | 1897346 | RESOLVED | FIXED | ONO Fumiaki | [ca-compliance] [dv-misissuance] | 2024-07-24T19:21:05Z | 2024-05-17T02:36:40Z |
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ) | 1769222 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [policy-failure] | 2024-06-30T20:37:36Z | 2022-05-13T09:52:17Z |
SECOM: Failure to disclose Unconstrained Intermediate within 7 Days | 1563574 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:19Z | 2019-07-04T17:34:40Z |
SECOM: failure to revoke underscores | 1524816 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:21Z | 2019-02-03T00:10:12Z |
SECOM: FUJIFILM intermediate CA Certificate not listed in audit statement | 1695938 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2024-06-30T20:12:14Z | 2021-03-02T15:29:12Z |
SECOM: Incorrect OCSP Delegated Responder Certificate | 1649962 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ca-misissuance] | 2023-02-22T18:18:23Z | 2020-07-02T01:47:21Z |
SECOM: Insufficient Serial Number Entropy | 1539358 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [uncategorized] | 2023-02-22T18:18:24Z | 2019-03-27T06:44:50Z |
SECOM: Intermediate CA Certificates Missing from Audit Reports | 1717044 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2024-06-30T20:11:56Z | 2021-06-17T15:26:20Z |
SECOM: Mis-issued EV Certificates | 1576133 | RESOLVED | FIXED | Yuu Hidaka | [ca-compliance] [ev-misissuance] | 2023-02-22T18:28:52Z | 2019-08-23T11:22:28Z |
SECOM: Non-BR-Compliant Certificate Issuance | 1391064 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:25Z | 2017-08-16T21:08:12Z |
SECOM: Non-BR-Compliant OCSP Responders | 1398259 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:26Z | 2017-09-08T18:01:40Z |
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ) | 1805866 | RESOLVED | FIXED | ONO Fumiaki | [ca-compliance] [ev-misissuance] | 2023-02-02T01:51:38Z | 2022-12-15T10:15:13Z |
SECOM: Outdated audit statements for intermediate certificates | 1695993 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2024-06-30T20:12:30Z | 2021-03-02T18:51:51Z |
SECOM: Root CRLs exceed maximum validity period by 1 second | 1735998 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [crl-failure] [policy-failure] | 2023-02-22T18:18:28Z | 2021-10-15T10:07:51Z |
SECOM: TSA Certs Issued from Root | 1452671 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [uncategorized] | 2023-02-22T18:18:29Z | 2018-04-09T16:09:21Z |
SECOM: Undisclosed intermediate certificates | 1497703 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:30Z | 2018-10-09T22:45:08Z |
SECOM: Unqualified domain name in SAN | 1695786 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:31Z | 2021-03-01T22:55:03Z |
Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate | 1567060 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:08Z | 2019-07-18T04:15:06Z |
Sectigo: Missing Intermediate CA Certificate in Audit - D-TRUST CA 2-1 2015 | 1597948 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [audit-failure] | 2024-06-30T20:13:47Z | 2019-11-20T12:10:59Z |
Sectigo: "Default City" in Subject:localityName | 1548713 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:25:09Z | 2019-05-02T23:51:36Z |
Sectigo: "Manual DCV" method used | 1718579 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:10Z | 2021-06-29T00:03:51Z |
Sectigo: "Some-State" in stateOrProvinceName | 1551362 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:25:10Z | 2019-05-14T00:10:57Z |
Sectigo: "unauthorized" OCSP responses | 1639518 | VERIFIED | INVALID | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-05-20T10:59:02Z |
Sectigo: 2020 failure to respond to CPRs discovered | 1718785 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [disclosure-failure] [policy-failure] | 2024-06-30T20:26:27Z | 2021-06-30T17:56:11Z |
Sectigo: CCADB failed ALV - Ensured Root CA | 1597950 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [audit-failure] | 2023-02-22T18:25:13Z | 2019-11-20T12:14:01Z |
Sectigo: CCADB failed ALV - Network Solutions Certificate Authority | 1597947 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [audit-failure] | 2023-02-22T18:24:58Z | 2019-11-20T12:09:52Z |
Sectigo: Certificate issuance delayed for more than 398 days after DCV was completed | 1829746 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-06-02T15:24:51Z | 2023-04-24T20:07:46Z |
Sectigo: Certificates with RSA keys where modulus is not divisible by 8 | 1653504 | RESOLVED | FIXED | Nick France | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:23:18Z | 2020-07-17T09:10:59Z |
Sectigo: CPR response issues | 1650845 | RESOLVED | FIXED | Nick France | [ca-compliance] [ev-misissuance] [policy-failure] | 2024-06-30T20:26:48Z | 2020-07-06T17:10:43Z |
Sectigo: CRL validity beyond CPS allowed value | 1735761 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [crl-failure] | 2023-02-22T18:27:12Z | 2021-10-14T10:32:23Z |
Sectigo: DCV Reuse after 825 days | 1718771 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:24:59Z | 2021-06-30T15:52:53Z |
Sectigo: EV Certificate issuance with incorrect subject:serialNumber attribute value | 1891245 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-05-13T21:29:39Z | 2024-04-12T15:53:42Z |
Sectigo: EV SSL Certificates with incorrect businessCategory | 1590810 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:14Z | 2019-10-23T16:10:18Z |
Sectigo: EV SSL Certificates with incorrect subject details. | 1575022 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:15Z | 2019-08-19T18:59:33Z |
Sectigo: Failure to block disallowed LDH labels in domain names | 1740493 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [dv-misissuance] | 2023-02-22T18:22:04Z | 2021-11-10T13:27:26Z |
Sectigo: Failure to invalidate Email DCV Random Values after 30 days | 1878139 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [dv-misissuance] | 2024-05-20T04:11:27Z | 2024-02-01T20:35:52Z |
Sectigo: Failure to properly respond to a report of subscriber key compromise | 1635840 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:16Z | 2020-05-06T17:13:00Z |
Sectigo: Failure to provide a preliminary report within 24 hours | 1619359 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:17Z | 2020-03-02T18:01:01Z |
Sectigo: Failure to provide a preliminary report within 24 hours. | 1648717 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:47Z | 2020-06-26T09:09:54Z |
Sectigo: Failure to provide timely incident reports | 1563579 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:01Z | 2019-07-04T17:59:35Z |
Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours | 1625715 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:18Z | 2020-03-29T00:18:56Z |
Sectigo: Failure to revoke ECC certificates with non-DER encoded keyUsage within 5 days | 1800756 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:05Z | 2022-11-15T21:52:53Z |
Sectigo: Failure to revoke key-compromised certificate within 24 hours | 1639804 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:19Z | 2020-05-21T07:25:52Z |
Sectigo: Failure to revoke key-compromised certificates | 1639805 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:48Z | 2020-05-21T07:38:21Z |
Sectigo: Failure to revoke within 24 hours | 1492006 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:20Z | 2018-09-18T00:02:26Z |
Sectigo: Failure to revoke within 5 days | 1665763 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:49Z | 2020-09-17T21:27:03Z |
Sectigo: Forbidden Domain Validation Method | 1714628 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:13Z | 2021-06-04T17:20:27Z |
Sectigo: HTML encoded characters in subject attribute values | 1912225 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2024-09-26T18:18:59Z | 2024-08-08T09:16:17Z |
Sectigo: Inadequate DCV | 1694233 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:14Z | 2021-02-22T19:24:36Z |
Sectigo: Inadequate vulnerability scanning and patching | 1869056 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2024-02-02T15:02:27Z | 2023-12-08T21:15:16Z |
Sectigo: Inappropriate subject:serialNumber information in EV certificates obtained through ACME | 1712120 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:15Z | 2021-05-20T15:21:55Z |
Sectigo: Incomplete Subject organizationName | 1813989 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] Next update 2023-04-17 | 2023-05-04T21:28:52Z | 2023-01-31T08:42:03Z |
Sectigo: Incomplete Subscriber Agreement provisions | 1823723 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2023-04-05T16:52:17Z | 2023-03-21T15:48:45Z |
Sectigo: Incorrect EV businessCategory | 1715929 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:17Z | 2021-06-11T02:25:59Z |
Sectigo: Incorrect inclusion of DBA name | 1895722 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2024-06-05T21:36:42Z | 2024-05-08T14:42:50Z |
Sectigo: Incorrect JOI | 1793789 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:06Z | 2022-10-05T14:25:47Z |
Sectigo: Incorrect JOI Country value | 1747915 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:07Z | 2021-12-29T19:09:55Z |
Sectigo: Incorrect JOI for federal credit unions | 1741026 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:18Z | 2021-11-13T16:34:49Z |
Sectigo: Incorrect locality information | 1714193 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:19Z | 2021-06-02T20:05:35Z |
Sectigo: Incorrect OCSP responses | 1763203 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:08Z | 2022-04-05T17:53:55Z |
Sectigo: Incorrectly included registrationStateOrProvince in PSD-based cabfOrganizationIdentifier extension | 1897538 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-06-14T17:08:26Z | 2024-05-17T19:57:31Z |
Sectigo: invalid dnsName | 1524730 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:21Z | 2019-02-02T01:44:17Z |
Sectigo: Invalid postalCode field | 1708934 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:20Z | 2021-05-01T21:49:27Z |
Sectigo: Invalid stateOrProvinceName | 1710243 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:02Z | 2021-05-08T20:03:45Z |
Sectigo: invalid subject:organizationalUnitName on DV certificates | 1593776 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:22Z | 2019-11-04T18:55:11Z |
Sectigo: Issuance of ECC leaf certificates with non-DER encoded keyUsage | 1796803 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:25:03Z | 2022-10-21T15:24:55Z |
Sectigo: Lack of input validation in stateOrProvinceName | 1645686 | RESOLVED | DUPLICATE | Rich Smith | [ca-compliance] [ev-misissuance] | 2023-02-22T18:24:50Z | 2020-06-14T14:37:40Z |
Sectigo: Late CCADB update after CPS update | 1812336 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [disclosure-failure] | 2023-02-10T16:58:18Z | 2023-01-25T14:55:26Z |
Sectigo: Late revocation for incomplete Subject organizationName | 1818073 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [leaf-revocation-delay] Next update 2023-06-26 | 2023-06-28T16:51:41Z | 2023-02-21T20:12:04Z |
Sectigo: Late termination of privileged access to Certificate Systems | 1830088 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2024-03-27T16:06:53Z | 2023-04-26T14:27:21Z |
Sectigo: Missing Changelog in CPS | 1545208 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [policy-failure] | 2023-02-22T18:25:23Z | 2019-04-17T19:08:11Z |
Sectigo: Missing character in subject:organizationName attribute value | 1910451 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2024-08-21T14:40:40Z | 2024-07-29T18:19:04Z |
Sectigo: Missing data in cabfOrganizationIdentifier | 1915883 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-09-26T18:20:01Z | 2024-08-30T15:11:31Z |
Sectigo: Missing registration numbers in EV certificates | 1721271 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:21Z | 2021-07-19T21:45:25Z |
Sectigo: Misspelled city name in localityName field | 1782356 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:22Z | 2022-07-30T13:02:46Z |
Sectigo: Misspellings in stateOrProvince or localityName fields | 1715024 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:23Z | 2021-06-07T13:54:17Z |
Sectigo: Mojibake in certificate Subject fields | 1724458 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:24Z | 2021-08-06T16:57:05Z |
Sectigo: Non-existent hostname in CDP and AIA URLs | 1793787 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [dv-misissuance] | 2023-02-22T18:22:09Z | 2022-10-05T14:14:20Z |
Sectigo: Non-revocation of certificates with subject:organizationalUnitName in DV certificates | 1620561 | RESOLVED | FIXED | Nick France | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:20Z | 2020-03-06T11:47:14Z |
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature | 1741777 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:04Z | 2021-11-18T02:46:40Z |
Sectigo: Potential audit report delay | 1648593 | RESOLVED | FIXED | Nick France | [ca-compliance] [audit-failure] [audit-delay] | 2024-06-30T19:47:44Z | 2020-06-25T20:29:41Z |
Sectigo: potentially invalid organizational validation certificates | 1717046 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-06-17T15:29:48Z |
Sectigo: Premature disabling of CRL generation for an inactive CA | 1891039 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [crl-failure] | 2024-05-05T19:21:42Z | 2024-04-11T14:49:46Z |
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value | 1902748 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-08-28T21:30:28Z | 2024-06-14T20:30:02Z |
Sectigo: Reseller ZeroSSL and Private Key Generation | 1699756 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-03-19T16:45:46Z |
Sectigo: S/MIME certificates with (null) string value in subject attributes | 1853987 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] | 2023-10-12T10:22:14Z | 2023-09-19T18:31:06Z |
Sectigo: SC45 DCV Reuse Error | 1756847 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:10Z | 2022-02-23T18:08:18Z |
Sectigo: SMIME issuance with insufficient validation of mailbox authorization or control | 1860299 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] Next update 2023-11-30 | 2023-12-02T18:40:52Z | 2023-10-20T15:58:12Z |
Sectigo: State name in localityName | 1720744 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:25Z | 2021-07-15T16:53:25Z |
Sectigo: Subject field with unvalidated information included in certificates | 1736064 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:26Z | 2021-10-15T16:48:48Z |
Sectigo: Temporary unavailability for subset of CRLs | 1908690 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [crl-failure] | 2024-08-23T15:34:34Z |