CA/Closed Incidents
From MozillaWiki
< CA
Closed CA Compliance Bugs
A historical view of past overdue audit statements may be found here.
Below is a historical view of past CA compliance bugs. These bugs may have been valid and remedied by the CA, or may have been deemed invalid and closed as unnecessary.
All Other Issues
Summary | ID | Status | Resolution | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|---|
[meta] Bug for Tracking BR Compliance Issues | 1029147 | RESOLVED | WORKSFORME | Kathleen Wilson | [ca-compliance] -- tracking bug for BR Compliance issues | 2022-11-14T22:22:57Z | 2014-06-23T20:54:26Z |
ACCV: Insufficient serial number entropy | 1536213 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:58Z | 2019-03-18T20:07:12Z |
ACCV: Late Audit Statement | 1507862 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [audit-delay] | 2023-02-22T18:18:59Z | 2018-11-16T17:57:51Z |
ACCV: Missing BR Self Assessment | 1458042 | RESOLVED | FIXED | Jose Amador | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:00Z | 2018-04-30T20:43:40Z |
Actalis: Certificates issued with validity period greater than 398 days | 1826713 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ov-misissuance] | 2023-07-20T23:24:14Z | 2023-04-06T08:14:52Z |
Actalis: Certs issued with same issuer and serial number | 1405817 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-misissuance] | 2023-02-22T18:11:52Z | 2017-10-04T20:21:40Z |
Actalis: Delayed revocation of non-BR-compliant CA Certificate within 7 days | 1718554 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:11:53Z | 2021-06-28T17:57:01Z |
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName | 1670861 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:11:54Z | 2020-10-13T06:57:36Z |
Actalis: Failure to revoke certs within the BR required timeframe | 1572638 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:02Z | 2019-08-09T07:04:59Z |
Actalis: Failure to revoke within 7 days: OCSP EKU issue | 1651651 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:11:55Z | 2020-07-09T12:10:45Z |
Actalis: inaccurate value in stateOrProvinceName | 1648997 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:11:56Z | 2020-06-28T14:38:20Z |
Actalis: Incorrect OCSP Delegated Responder Certificate | 1649961 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ocsp-failure] | 2023-02-22T18:11:57Z | 2020-07-02T01:46:05Z |
Actalis: Insufficient serial number entropy | 1534295 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:11:58Z | 2019-03-11T15:23:03Z |
Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586787 | RESOLVED | FIXED | Giorgio Girelli | [ca-compliance] [ca-misissuance] | 2023-02-22T18:18:03Z | 2019-10-07T15:17:35Z |
Actalis: Issuance of intermediates after 2020-08-20 that do not comply with Mozilla Policy and the Baseline Requirements | 1717357 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ca-misissuance] | 2023-02-22T18:12:00Z | 2021-06-20T17:07:17Z |
Actalis: Non BR Compliant OCSP Responder | 1523680 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:01Z | 2019-01-29T17:01:00Z |
Actalis: Non-BR-Compliant Certificate Issuance | 1390974 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] [disclosure-failure] | 2023-02-22T18:12:02Z | 2017-08-16T17:37:59Z |
Actalis: pre-certificates with “certificateHold” as the revocation reason | 1824319 | RESOLVED | FIXED | Adriano Santoni | [ca-compliance] [crl-failure] | 2023-07-20T23:23:59Z | 2023-03-24T09:22:04Z |
AlphaSSL/Globalsign: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420766 | RESOLVED | INVALID | Linus Hallberg | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-11-26T21:44:51Z |
Amazon Trust Services / DigiCert: 404 error when fetching CRL | 1800405 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [crl-failure] | 2023-02-22T18:27:34Z | 2022-11-14T02:20:12Z |
Amazon Trust Services: ALV Errors | 1713668 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [audit-failure] | 2023-02-22T18:27:35Z | 2021-05-31T20:11:17Z |
Amazon Trust Services: CAA Misissuances | 1398428 | RESOLVED | FIXED | Peter Bowen | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:33Z | 2017-09-09T05:06:53Z |
Amazon Trust Services: CP/CPS does not specify key compromise methods | 1713976 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [policy-failure] | 2023-02-22T18:27:36Z | 2021-06-02T00:33:04Z |
Amazon Trust Services: Delayed Revocation of Subordinate CA | 1743943 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ca-revocation-delay] | 2023-06-02T15:24:38Z | 2021-12-02T01:29:57Z |
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6 | 1713978 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [policy-failure] | 2023-02-22T18:27:37Z | 2021-06-02T00:35:22Z |
Amazon Trust Services: Misissuance of Subordinate Per CPS | 1743935 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ca-misissuance] | 2023-02-22T18:27:38Z | 2021-12-02T01:03:30Z |
Amazon Trust Services: Missing CAA Check For Test Website Certificates | 1746945 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:27:39Z | 2021-12-20T21:47:24Z |
Amazon Trust Services: No Space In Private Organization | 1569266 | RESOLVED | FIXED | Dave Blunt | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:24Z | 2019-07-26T18:52:26Z |
Amazon Trust Services: Overdue audit statements for intermediate certificates | 1757615 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-failure] | 2023-02-22T18:15:03Z | 2022-03-01T18:28:06Z |
Amazon Trust Services: Revocation Time for Intermediate Certificates | 1719920 | RESOLVED | FIXED | Heather (Amazon Trust Services) | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:28:07Z | 2021-07-09T20:42:50Z |
Amazon Trust Services: Revoked Sample Certs - No SANs | 1574594 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:41Z | 2019-08-16T19:22:06Z |
Amazon Trust Services: Test revoked certificates with invalid validity period | 1525710 | RESOLVED | FIXED | Trevoli (Amazon Trust Services) | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:42Z | 2019-02-06T20:44:51Z |
Amazon: Failure to comply with RFC 5280 | 1521623 | RESOLVED | INVALID | Trevoli (Amazon Trust Services) | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-01-21T22:10:37Z |
ANF AC: 2023 Audit Report Finding | 1837386 | RESOLVED | FIXED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2023-10-12T10:24:44Z | 2023-06-08T11:12:50Z |
Apple: CAs omitted from audit statement | 1724528 | RESOLVED | FIXED | certification_authority | [ca-compliance] [audit-failure] | 2023-02-22T18:15:32Z | 2021-08-06T23:18:31Z |
Apple: CRL issuance frequency deviates from CPS in some cases | 1772644 | RESOLVED | FIXED | certification_authority | [ca-compliance] [crl-failure] [policy-failure] | 2023-02-22T18:15:34Z | 2022-06-04T01:16:10Z |
Apple: Empty SingleExtension in OCSP responses | 1669618 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:37Z | 2020-10-07T02:33:52Z |
Apple: EV Certificate Approver Authorization | 1659316 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:37Z | 2020-08-16T03:10:26Z |
Apple: EV TLS pre-certificates issued without EKU extension | 1777757 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:39Z | 2022-07-02T01:16:54Z |
Apple: OCSP availability 2020-11-12 | 1677234 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:40Z | 2020-11-13T23:32:41Z |
Apple: OCSP responders return ‘unknown’ for valid S/MIME and TLS certificates | 1771398 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:41Z | 2022-05-26T22:38:43Z |
Apple: OCSP responders return responses with incorrect issuer | 1588001 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:42Z | 2019-10-11T02:38:19Z |
Apple: Patch Management | 1598829 | RESOLVED | FIXED | certification_authority | [ca-compliance] [uncategorized] | 2023-02-22T18:15:43Z | 2019-11-23T03:16:07Z |
Apple: Revocation Delay for TLS certificates issued outside the TTL of the CAA record | 1843676 | RESOLVED | FIXED | certification_authority | [ca-compliance] [leaf-revocation-delay] | 2023-09-22T22:43:52Z | 2023-07-15T00:37:10Z |
Apple: Test web page certificates expired | 1730291 | RESOLVED | FIXED | certification_authority | [ca-compliance] [uncategorized] | 2023-02-22T18:15:44Z | 2021-09-11T00:05:08Z |
Apple: TLS certificates issued outside the TTL of the CAA record | 1841534 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [ev-misissuance] Next update 2023-08-15 | 2023-08-30T15:41:47Z | 2023-07-03T15:57:07Z |
Asseco DS / Certum: CA certificates not listed in audit report | 1598277 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [audit-failure] | 2023-02-22T18:28:37Z | 2019-11-21T12:22:42Z |
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record | 1409766 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:38Z | 2017-10-18T15:03:21Z |
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag | 1409764 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] | 2023-02-22T18:12:45Z | 2017-10-18T14:59:21Z |
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420860 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] | 2023-02-22T18:12:46Z | 2017-11-27T10:27:57Z |
Asseco DS / Certum: commonName not from subjectAltName entries | 1550575 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:39Z | 2019-05-09T19:38:32Z |
Asseco DS / Certum: Corrupted certificates | 1511459 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [dv-misissuance] [crl-failure] | 2023-02-22T18:28:40Z | 2018-11-30T19:57:00Z |
Asseco DS / Certum: CPS does not refer to BR domain validation methods | 1717034 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [policy-failure] | 2023-02-22T18:12:15Z | 2021-06-17T14:49:18Z |
Asseco DS / Certum: Cross-certificate with wrong policy identifier | 1823040 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-misissuance] Next update 2023-04-28 | 2023-05-19T20:59:32Z | 2023-03-17T14:25:57Z |
Asseco DS / Certum: Cross-Signed non-EV-audited root with an EV-enabled root | 1815355 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-misissuance] | 2023-08-16T20:34:36Z | 2023-02-07T01:02:26Z |
Asseco DS / Certum: Delayed revocation of SHECA cross certificate | 1825734 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-revocation-delay] Next update 2023-04-28 | 2023-06-01T16:09:16Z | 2023-03-31T09:39:46Z |
Asseco DS / Certum: Delayed revocation of SSL.COM cross certificate | 1826363 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ca-revocation-delay] | 2023-06-08T16:43:53Z | 2023-04-04T15:06:56Z |
Asseco DS / Certum: EV certificate mis-issue | 1451228 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:47Z | 2018-04-04T07:01:06Z |
Asseco DS / Certum: EV Certificates issued with wrong Business Category | 1600301 | RESOLVED | FIXED | Aleksandra Kapinos | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:13Z | 2019-11-29T13:58:21Z |
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours. | 1667684 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:41Z | 2020-09-27T19:47:28Z |
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period | 1600158 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:28:42Z | 2019-11-28T20:56:36Z |
Asseco DS / Certum: Failure to revoke within 5 days | 1668523 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:12:21Z | 2020-10-01T12:53:17Z |
Asseco DS / Certum: Forward dating certificates (notBefore in the future) | 1718680 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [uncategorized] | 2023-02-22T18:12:16Z | 2021-06-29T19:22:06Z |
Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate | 1567062 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:43Z | 2019-07-18T04:16:27Z |
Asseco DS / Certum: Incorrect localityName | 1710206 | RESOLVED | INVALID | Aleksandra Kurosz | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-05-08T11:07:15Z |
Asseco DS / Certum: Incorrect localityName | 1711208 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:18Z | 2021-05-14T12:39:03Z |
Asseco DS / Certum: Incorrect OCSP response encoding | 1639502 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:44Z | 2020-05-20T10:18:48Z |
Asseco DS / Certum: Invalid dnsNames | 1524195 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:45Z | 2019-01-31T08:44:10Z |
Asseco DS / Certum: Invalid stateOrProvinceName field | 1667986 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:19Z | 2020-09-29T12:32:51Z |
Asseco DS / Certum: Invalid stateOrProvinceName field (recurrent incident) | 1709392 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:20Z | 2021-05-04T15:49:39Z |
Asseco DS / Certum: Invalid value in SAN dNSName | 1611458 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:46Z | 2020-01-24T16:17:21Z |
Asseco DS / Certum: IP in dnsName | 1524878 | RESOLVED | DUPLICATE | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:47Z | 2019-02-03T19:31:55Z |
Asseco DS / Certum: non-audited intermediate certificate | 1579299 | RESOLVED | INVALID | Aleksandra Kapinos | [ca-compliance] | 2023-02-22T18:12:14Z | 2019-09-06T00:25:02Z |
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys | 1435770 | RESOLVED | FIXED | Arkadiusz Ławniczak | [ca-compliance] [dv-misissuance] [leaf-revocation-delay] | 2023-02-22T18:12:48Z | 2018-02-05T17:37:34Z |
Asseco DS / Certum: Overdue Audit Statements 2019 | 1566586 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [audit-failure] | 2023-02-22T18:28:49Z | 2019-07-16T20:11:46Z |
Asseco DS / Certum: Subordinate certificates with sequential serial number | 1832093 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ca-misissuance] | 2023-06-02T15:25:04Z | 2023-05-09T14:46:17Z |
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) | 1495518 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:50Z | 2018-10-01T18:42:05Z |
Asseco DS / Certum: Use of forbidden subjectPublicKeyInfo algorithm | 1518560 | RESOLVED | FIXED | Wojciech Trapczyński | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:51Z | 2019-01-08T17:48:51Z |
Asseco DS/Certum: SMIME certificates with wrong organizationIdentifier | 1853663 | RESOLVED | FIXED | Aleksandra Kurosz | [ca-compliance] [smime-misissuance] Next update 2-Oct-2023 | 2023-10-19T15:38:47Z | 2023-09-18T11:59:42Z |
Atos: Incorrect OCSP Delegated Responder Certificate | 1649963 | RESOLVED | FIXED | u636358 | [ca-compliance] [ocsp-failure] | 2023-02-22T18:27:44Z | 2020-07-02T01:49:14Z |
Atos: Insufficient Serial Number Entropy | 1540961 | RESOLVED | FIXED | u636358 | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:45Z | 2019-04-02T09:16:12Z |
Atos: Tracking bug for possible audit delays | 1626355 | RESOLVED | FIXED | u636358 | [ca-compliance] [audit-failure] [covid-19] | 2023-02-22T18:27:46Z | 2020-03-31T18:21:47Z |
Buypass: Failure to revoke PSD2 QWACs within mandated 5 days | 1628292 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:21:42Z | 2020-04-08T12:21:21Z |
Buypass: Illegal Business Category in a PSD2 QWAC | 1632632 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:43Z | 2020-04-23T20:06:39Z |
Buypass: Insufficient Serial Number Entropy | 1539307 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ca-misissuance] | 2023-02-22T18:21:44Z | 2019-03-27T00:04:50Z |
Buypass: Intermediate certificates not listed in audit reports | 1595113 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [audit-failure] | 2023-02-22T18:21:45Z | 2019-11-08T15:42:26Z |
Buypass: intermediate certificates not revoked within BR time period | 1598319 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:21:46Z | 2019-11-21T15:22:06Z |
Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs | 1626078 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:47Z | 2020-03-30T20:01:58Z |
Buypass: PSD2 QWAC with RSA modulus not divisible by 8 | 1654216 | RESOLVED | FIXED | Mads Henriksveen | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:49Z | 2020-07-21T08:44:01Z |
Camerfirma: audit gap | 1583470 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [audit-failure] | 2023-02-22T18:12:22Z | 2019-09-24T11:08:38Z |
Camerfirma: BR revocation period exceeded | 1624658 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:12:24Z | 2020-03-24T17:25:53Z |
Camerfirma: certificate for unregistered domain cuatis.net | 1672423 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:25Z | 2020-10-21T15:37:36Z |
Camerfirma: Certificate issued with 3-year lifespan, unknown policy | 1686524 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [uncategorized] | 2023-02-22T18:17:20Z | 2021-01-13T18:22:03Z |
Camerfirma: certificate with an incorrect OrganizationName | 1680083 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:21Z | 2020-12-01T18:37:48Z |
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier | 1685557 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:26Z | 2021-01-07T18:08:13Z |
Camerfirma: Certs issued with same issuer and serial number | 1405815 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ca-misissuance] | 2023-02-22T18:24:38Z | 2017-10-04T20:16:09Z |
Camerfirma: certs with duplicate SANs and without localityName or stateOrProvinceName | 1357067 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:09Z | 2017-04-17T13:17:52Z |
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant | 1688215 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [policy-failure] | 2023-02-22T18:12:27Z | 2021-01-22T14:46:23Z |
Camerfirma: Decision not to revoke certificates with authorityKeyIdentifier that violates Mozilla Policy | 1609828 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:11Z | 2020-01-17T02:02:26Z |
Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits | 1692535 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:15:04Z | 2021-02-12T18:03:08Z |
Camerfirma: Delayed revocations related to certificates without CABForum OV Reserved Policy Identifier | 1686966 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:12:28Z | 2021-01-15T15:26:32Z |
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident | 1647099 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:12:29Z | 2020-06-20T21:07:24Z |
Camerfirma: Delayed revocations related to Invalid stateOrProvinceName field | 1668331 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:13Z | 2020-09-30T16:56:47Z |
Camerfirma: EV Certificates issued with wrong Business Category | 1600114 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ev-misissuance] | 2023-02-22T18:12:30Z | 2019-11-28T17:00:58Z |
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA | 1672029 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [disclosure-failure] | 2023-02-22T18:12:31Z | 2020-10-19T19:51:27Z |
Camerfirma: failure to revoke underscores | 1524871 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:23Z | 2019-02-03T18:23:27Z |
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue | 1652603 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:17:24Z | 2020-07-13T23:03:16Z |
Camerfirma: Govern d'Andorra Audit Delay | 1704140 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [audit-failure] | 2023-02-22T18:12:32Z | 2021-04-09T16:59:28Z |
Camerfirma: Govern d'Andorra audits | 1575530 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:22:14Z | 2019-08-21T12:58:50Z |
Camerfirma: Incorrect disclosure of Intesa Sanpaolo sub-CA | 1672562 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [disclosure-failure] | 2023-02-22T18:12:33Z | 2020-10-22T00:39:13Z |
Camerfirma: Incorrect OCSP Delegated Responder Certificate | 1649944 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ca-misissuance] | 2023-02-22T18:17:25Z | 2020-07-02T01:39:03Z |
Camerfirma: Infocert misissued certificates | 1556806 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:26Z | 2019-06-04T17:29:54Z |
Camerfirma: Intesa Sanpaolo misissued certificates | 1557085 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:27Z | 2019-06-05T16:38:44Z |
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident | 1623384 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:12:34Z | 2020-03-18T16:59:47Z |
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident | 1623389 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:11Z | 2020-03-18T17:08:38Z |
Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280 | 1586860 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:22:15Z | 2019-10-07T18:28:50Z |
Camerfirma: Invalid stateOrProvinceName field | 1667430 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:35Z | 2020-09-25T16:43:12Z |
Camerfirma: Missing audit for Intermediate certificate | 1455147 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [audit-failure] | 2023-02-22T18:22:16Z | 2018-04-18T22:36:54Z |
Camerfirma: MULTICERT certificates with a validity period greater than 825 days | 1509002 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:28Z | 2018-11-21T12:21:41Z |
Camerfirma: MULTICERT Misissuance and missing audits | 1502957 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] [audit-failure] | 2023-02-22T18:22:17Z | 2018-10-29T17:53:16Z |
Camerfirma: MULTICERT organizationName Too Long | 1481862 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:18Z | 2018-08-08T16:08:56Z |
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy | 1534429 | RESOLVED | FIXED | ca.forum | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:12Z | 2019-03-11T21:09:17Z |
Camerfirma: No disclosure of verification sources | 1688382 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [policy-failure] | 2023-02-22T18:12:36Z | 2021-01-23T13:02:40Z |
Camerfirma: Non-BR-Compliant Certificate Issuance | 1390977 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:39Z | 2017-08-16T17:45:59Z |
Camerfirma: Non-BR-Compliant Issuance - DNSName is empty | 1443857 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:19Z | 2018-03-07T17:30:24Z |
Camerfirma: Non-BR-Compliant Issuance - Non-printable characters in OU field | 1431164 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:20Z | 2018-01-17T18:03:08Z |
Camerfirma: Non-BR-Compliant OCSP Responders | 1426233 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:40Z | 2017-12-19T20:54:48Z |
Camerfirma: Old CAs with an RSA modulus size of 2047 bits | 1692533 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ca-misissuance] | 2023-02-22T18:12:37Z | 2021-02-12T17:56:45Z |
Camerfirma: Outdated audit statements for intermediate certs | 1549861 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [audit-failure] | 2023-02-22T18:17:30Z | 2019-05-07T22:16:12Z |
Camerfirma: Potential Mis-Issuance based on CAA records | 1420871 | RESOLVED | FIXED | Ramiro Muñoz Muñoz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:41Z | 2017-11-27T11:45:15Z |
Camerfirma: Qualified Audit Statements | 1478933 | RESOLVED | FIXED | Juan Angel Martin | [ca-compliance] [audit-finding] | 2023-02-22T18:22:21Z | 2018-07-27T08:07:24Z |
Camerfirma: suspicious certificate for com.com | 1672409 | RESOLVED | FIXED | Ana Lopes | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:38Z | 2020-10-21T14:49:48Z |
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate | 1532333 | RESOLVED | FIXED | Eusebio Herrera | [ca-compliance] [crl-failure] | 2023-02-22T18:17:31Z | 2019-03-04T16:44:13Z |
Certainly: CRL Issuing Distribution Point Mismatch in CCADB | 1819422 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-03-24T16:11:21Z | 2023-02-28T19:42:13Z |
Certainly: Intermediate certificates with wrong time encoding | 1777270 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ca-misissuance] | 2023-02-22T18:15:05Z | 2022-06-29T15:17:59Z |
Certainly: Root CRL validity period exceeds maximum by one second | 1732745 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [crl-failure] | 2023-02-22T18:28:12Z | 2021-09-27T16:30:33Z |
Certainly: Serving Bad OCSP Responses | 1798053 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:13Z | 2022-10-28T19:03:00Z |
Certainly: Serving Expired OCSP Responses | 1771238 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:14Z | 2022-05-25T22:51:26Z |
Certainly: TLS Using ALPN TLS Version and OID | 1752452 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:15Z | 2022-01-28T00:08:42Z |
Certicamara: Failure to respond to September 2018 CA Survey | 1498409 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] [disclosure-failure] | 2023-03-20T15:01:11Z | 2018-10-11T22:41:22Z |
Certicamara: Undisclosed Intermediate certificates | 1455128 | RESOLVED | FIXED | Leonardo Maldonado | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:09Z | 2018-04-18T21:37:38Z |
Certigna : certificates issued with 2 SCT | 1709896 | RESOLVED | INVALID | Josselin Allemandou | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-05-06T16:27:26Z |
Certigna: Certificate issued with validity period greater than 398-days | 1774418 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-04-19T22:27:37Z | 2022-06-15T13:49:56Z |
Certigna: Issuance without respecting CAA records | 1485413 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:43Z | 2018-08-22T16:59:17Z |
Certigna: Precertificate with a validity period greater than 398-days | 1774171 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:06Z | 2022-06-14T10:26:36Z |
Certinomis / Docapost: Failure to respond to January 2018 survey | 1439126 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [disclosure-failure] | 2023-02-22T18:17:50Z | 2018-02-17T16:17:11Z |
Certinomis / Docapost: Non-BR-Compliant OCSP Responders | 1425998 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:51Z | 2017-12-18T23:30:08Z |
Certinomis: 174 certificates with unknown OCSP status | 1551390 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:52Z | 2019-05-14T02:51:13Z |
Certinomis: certificate for test.com, O=Entreprise TEST | 1496088 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:51Z | 2018-10-03T14:22:11Z |
Certinomis: certificates for an unregistered domain, with unknown OCSP status | 1544933 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:53Z | 2019-04-16T20:05:28Z |
Certinomis: certificates with invalid DNS SAN | 1551357 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:17:55Z | 2019-05-13T23:44:56Z |
Certinomis: certificates with space in dNSName SAN | 1539531 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:52Z | 2019-03-27T16:43:30Z |
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB | 1386891 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [disclosure-failure] | 2023-02-22T18:17:48Z | 2017-08-02T23:56:38Z |
Certinomis: email address in DNS SAN | 1503128 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:53Z | 2018-10-30T05:10:26Z |
Certinomis: invalid CDP extension | 1524451 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:54Z | 2019-02-01T04:02:44Z |
Certinomis: invalid DNS names in SAN | 1524094 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:55Z | 2019-01-30T23:12:19Z |
Certinomis: Invalid SAN in a certificate | 1542793 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:56Z | 2019-04-08T15:29:50Z |
Certinomis: invalid state and locality fields in subject | 1524103 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:57Z | 2019-01-30T23:28:42Z |
Certinomis: Invalid TLD in SAN | 1542328 | RESOLVED | FIXED | François CHASSERY | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:57Z | 2019-04-05T17:18:46Z |
Certinomis: misissued "test" certificates | 1524448 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:58Z | 2019-02-01T03:47:23Z |
Certinomis: Non-BR-Compliant Certificate Issuance | 1390978 | RESOLVED | FIXED | Franck Leroy | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:49Z | 2017-08-16T17:48:32Z |
Certinomis: O=POUR TEST in subject | 1524112 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:59Z | 2019-01-30T23:59:08Z |
Certinomis: Unqualified Domain Name in SAN | 1495524 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:00Z | 2018-10-01T18:52:44Z |
Certinomis: Use of Domain Validation Method 3.2.2.4.5 after August 1, 2018 | 1547072 | RESOLVED | INVALID | François CHASSERY | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-04-25T18:57:07Z |
Certinomis: validity period >825 days | 1524449 | RESOLVED | FIXED | Marc MAITRE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:01Z | 2019-02-01T03:52:25Z |
certSIGN: "Some-State" in stateOrProvinceName | 1551375 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:06Z | 2019-05-14T00:53:56Z |
certSIGN: CPS specifies md5 and sha1WithRSAEncryption as useable signature types | 1718675 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [policy-failure] | 2023-02-22T18:17:58Z | 2021-06-29T18:21:18Z |
certSIGN: Findings in 2023 ETSI Audit for certSIGN ROOT CA G2 - Audit Incident Report | 1833667 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [audit-finding] Next update 01-Nov-2023 | 2023-11-19T22:01:50Z | 2023-05-17T16:20:58Z |
certSIGN: Incorrect data in stateOrProvinceName | 1763173 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:59Z | 2022-04-05T15:50:23Z |
certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client | 1674886 | RESOLVED | FIXED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:01Z | 2020-11-02T20:33:07Z |
certSIGN: Non-BR-Compliant Certificate Issuance | 1390979 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:07Z | 2017-08-16T17:50:47Z |
certSIGN: Non-BR-Compliant OCSP Responders | 1398243 | RESOLVED | FIXED | Cristian Garabet | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:09Z | 2017-09-08T17:43:09Z |
certSIGN: Subscriber precertificate without Certificate Policies | 1762707 | RESOLVED | FIXED | Valentin Necoara | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:47Z | 2022-04-02T10:25:24Z |
CFCA: Certificate with wrong crlDistributionPoints | 1809382 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ov-misissuance] [ev-misissuance] Next update 2023-05-10 | 2023-09-29T15:33:03Z | 2023-01-10T06:31:09Z |
CFCA: Delayed reporting of intermediate CA certificate | 1784820 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [disclosure-failure] | 2023-08-16T20:34:22Z | 2022-08-15T01:50:44Z |
CFCA: Delayed reporting of revocation of an intermediate CA certificate | 1798812 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [disclosure-failure] | 2023-05-04T21:31:28Z | 2022-11-02T23:57:11Z |
CFCA: EV certificate with wrong PostalCode&Street | 1802845 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ev-misissuance] | 2023-09-29T15:32:49Z | 2022-11-28T08:59:21Z |
CFCA: ICA without EKU | 1793053 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ca-misissuance] Next update 2023-03-30 | 2023-06-30T16:29:50Z | 2022-09-30T11:56:05Z |
CFCA: Internal iPAddress in certificate | 1524143 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:31Z | 2019-01-31T03:01:37Z |
CFCA: invalid dnsNames | 1524733 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:33Z | 2019-02-02T01:53:09Z |
CFCA: Invalid TLD in SAN | 1532429 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:34Z | 2019-03-04T21:10:14Z |
CFCA: Missed CPS update publication on website in 2018 | 1565494 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [policy-failure] | 2023-02-22T18:26:46Z | 2019-07-12T08:36:16Z |
CFCA: O > 64 characters | 1532113 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:26:47Z | 2019-03-03T00:46:20Z |
CFCA: Overdue Audit Statements 2021 | 1741497 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [audit-delay] | 2023-03-02T19:04:33Z | 2021-11-16T21:13:00Z |
CFCA: Precertificate with postalCode and streetAddress swapped | 1771482 | RESOLVED | FIXED | bixinlong | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:43Z | 2022-05-27T11:42:17Z |
CFCA: Repeated unexplained delays in providing timely status updates | 1613409 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [policy-failure] | 2023-02-22T18:26:49Z | 2020-02-05T15:44:42Z |
CFCA: The delay in revocation of ICA | 1793059 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ca-revocation-delay] | 2023-06-30T16:30:04Z | 2022-09-30T12:15:26Z |
CFCA: The wrong status of OCSP | 1778035 | RESOLVED | FIXED | Gao Fei | [ca-compliance] [ocsp-failure] | 2023-04-19T22:28:04Z | 2022-07-05T01:24:08Z |
CFCA: Wrong OrganizationName | 1608333 | RESOLVED | FIXED | Oliver Bi | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:50Z | 2020-01-10T05:44:00Z |
CFCA: Wrong SerialNumber encoding | 1532559 | RESOLVED | FIXED | Jonathan Sun | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:35Z | 2019-03-05T09:53:07Z |
Chunghwa Telecom: Audit Letter Validation failures on intermediate certificates | 1614444 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] [audit-failure] | 2023-02-22T18:24:42Z | 2020-02-10T19:40:24Z |
Chunghwa Telecom: Test certificate with unregistered domain name | 1532436 | RESOLVED | FIXED | Li-Chun CHEN | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:43Z | 2019-03-04T21:37:25Z |
CommScope: Empty SCT extensions in certificates | 1852404 | RESOLVED | FIXED | Nicol So | [ca-compliance] [dv-misissuance] | 2023-09-22T22:44:26Z | 2023-09-09T19:06:57Z |
Comodo CA issuing EV Certs without Higher Authority checks | 1501374 | RESOLVED | INVALID | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-10-23T17:49:55Z |
Comodo: CAA Mis-Issuance on basic test case | 1410834 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:05Z | 2017-10-23T09:40:04Z |
Comodo: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420858 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:53Z | 2017-11-27T10:25:18Z |
Comodo: CAA Misissuance | 1398545 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:54Z | 2017-09-10T00:09:52Z |
Comodo: CAA misissuances due to race condition | 1423624 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:55Z | 2017-12-06T16:35:35Z |
Comodo: Misissuance using "CNAME CSR Hash 2" method of domain control validation | 1461391 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:07Z | 2018-05-14T17:51:50Z |
Comodo: Non-BR-Compliant Certificate Issuance | 1390981 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] [disclosure-failure] | 2023-02-22T18:24:57Z | 2017-08-16T17:54:00Z |
Comodo: Possible CAA Misissuance due against critical record | 1532313 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-03-04T15:20:11Z |
Comodo/cPanel: Potential Mis-Issuance based on CAA records (Sep 28, 2017) | 1420873 | RESOLVED | INVALID | Rob Stradling | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-11-27T11:51:26Z |
Consorci AOC : Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9 | 1590723 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:40Z | 2019-10-23T12:34:47Z |
Consorci AOC: EC-SECTORPUBLIC insufficient serial number entropy | 1538673 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:17:41Z | 2019-03-25T12:00:36Z |
Consorci AOC: Insufficient Audit Statements | 1425805 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [audit-failure] | 2023-02-22T18:17:42Z | 2017-12-18T07:15:25Z |
Consorci AOC: Non-BR-Compliant Certificate Issuance | 1390988 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:43Z | 2017-08-16T18:05:27Z |
Consorci AOC: Non-BR-Compliant OCSP Responders | 1398246 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:44Z | 2017-09-08T17:47:05Z |
Consorci AOC: Problem reporting mechanism for Consorci AOC points to URL with invalid cert | 1428832 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [policy-failure] [disclosure-failure] | 2023-02-22T18:17:45Z | 2018-01-08T17:43:37Z |
Consorci AOC: Qualified audit statements | 1496616 | RESOLVED | FIXED | Francesc Ferrer | [ca-compliance] [audit-failure] | 2023-02-22T18:17:46Z | 2018-10-04T23:57:19Z |
Cybertrust Japan: CRL signature algorithm encoding error | 1827490 | RESOLVED | FIXED | masahiro.shikutani | [ca-compliance] [crl-failure] | 2023-06-02T15:25:20Z | 2023-04-11T20:08:34Z |
Cybertrust Japan: Root CRLs exceed maximum validity period by one second | 1737242 | RESOLVED | FIXED | Masaru Sakamoto | [ca-compliance] [crl-failure] | 2023-02-22T18:22:27Z | 2021-10-22T09:24:51Z |
Cybertrust Japan: three test websites not provided | 1466252 | RESOLVED | FIXED | masahiro.shikutani | [ca-compliance] [uncategorized] | 2023-02-22T18:22:26Z | 2018-06-01T22:49:04Z |
D-TRUST: Certificate with RSA key where modulus is not divisible by 8 | 1691117 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:04Z | 2021-02-05T18:22:44Z |
D-TRUST: CRL not DER-encoded | 1793440 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [crl-failure] | 2023-02-22T18:17:05Z | 2022-10-03T13:27:09Z |
D-TRUST: Delayed revocation of EV certificates | 1580525 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:06Z | 2019-09-11T16:10:10Z |
D-TRUST: EV certificates with incorrectly used businessCategory entry | 1599561 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:07Z | 2019-11-26T20:07:18Z |
D-TRUST: incorrectly formatted businessCategory entry | 1567588 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:08Z | 2019-07-19T18:42:03Z |
D-TRUST: Issuance of non-conformant SSL certificate | 1610303 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:10Z | 2020-01-20T14:58:33Z |
D-TRUST: Non-BR-Compliant Certificate Issuance | 1390990 | RESOLVED | FIXED | Arno Fiedler | [ca-compliance] [ov-misissuance] [ev-misissuance] [policy-failure] | 2023-02-22T18:14:37Z | 2017-08-16T18:08:00Z |
D-TRUST: Precertificate OU > 64 Characters | 1563772 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:11Z | 2019-07-05T16:51:17Z |
D-TRUST: Private Key Disclosed by Customer as Part of CSR | 1682270 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [uncategorized] | 2023-02-22T18:17:12Z | 2020-12-14T11:59:25Z |
D-TRUST: syntax error in one tls certificate | 1509512 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:13Z | 2018-11-23T15:21:04Z |
D-TRUST: Wrong key usage (Key Agreement) | 1756122 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2023-02-22T18:17:14Z | 2022-02-18T10:12:34Z |
D-TRUST: Wrong key usage (Key Encipherment) | 1647468 | RESOLVED | FIXED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2023-02-22T18:17:15Z | 2020-06-22T19:59:05Z |
DFN-PKI: Finding in 2020 ETSI audit | 1672208 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [uncategorized] | 2023-02-22T18:13:46Z | 2020-10-20T15:54:48Z |
DFN-PKI: OCSP/CRL inconsistencies | 1786313 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:47Z | 2022-08-22T15:22:12Z |
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days | 1667744 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:44Z | 2020-09-28T09:56:20Z |
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days | 1674082 | RESOLVED | FIXED | r.delval | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:34Z | 2020-10-29T10:12:47Z |
Dhimyotis / Certigna: Failure to revoke in the timeline specified by the BRs | 1685142 | RESOLVED | DUPLICATE | r.delval | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:36Z | 2021-01-05T19:21:24Z |
Dhimyotis / Certigna: Intermediate Cert(s) not disclosed in CCADB | 1451949 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:45Z | 2018-04-05T23:17:27Z |
Dhimyotis / Certigna: Unconstrained CAs missing audits | 1614821 | RESOLVED | FIXED | Josselin Allemandou | [ca-compliance] [audit-failure] | 2023-02-22T18:18:46Z | 2020-02-11T22:59:31Z |
DigiCert / ABB: greater than 825 day cert issuance | 1451446 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:54Z | 2018-04-04T18:52:32Z |
DigiCert / ABB: Issues with DN, country code and keyUsage | 1456655 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:51Z | 2018-04-24T22:29:53Z |
DigiCert / ADACOM: published outdated CRLs | 1483639 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [crl-failure] | 2023-02-22T18:13:33Z | 2018-08-15T18:26:12Z |
DigiCert / CTJ: Metadata in OU fields, Reserved IP Address | 1397957 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:05Z | 2017-09-07T23:41:14Z |
DigiCert / InfoCert: Insufficient Serial Number Entropy | 1397951 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:06Z | 2017-09-07T23:31:38Z |
DigiCert / Inteso San Paulo: Double dot characters | 1397969 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:07Z | 2017-09-08T00:02:09Z |
DigiCert / Justica: Invalid DNS names | 1397961 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [dv-misissuance] | 2023-02-22T18:19:08Z | 2017-09-07T23:52:46Z |
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate | 1647084 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:09Z | 2020-06-20T16:38:24Z |
DigiCert / Siemens: Insufficient Serial Number Entropy | 1397954 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:10Z | 2017-09-07T23:37:40Z |
DigiCert / Swiss Government: CommonName not in SANs | 1397965 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:11Z | 2017-09-07T23:57:55Z |
DigiCert / Symantec: EV JOI Issue | 1413761 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:53Z | 2017-11-02T01:04:36Z |
DigiCert / Telecom Italia: Several Problems | 1397960 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:13Z | 2017-09-07T23:50:32Z |
DigiCert / Terena: Metadata in OU fields | 1397958 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:14Z | 2017-09-07T23:44:38Z |
DigiCert / Verizon: Qualified 2019 Audit Statements | 1573937 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-finding] | 2023-02-22T18:14:27Z | 2019-08-14T18:23:01Z |
DigiCert / Verizon: Reserved/Intranet domain name | 1397968 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:15Z | 2017-09-08T00:00:04Z |
DigiCert / Wells Fargo: Invalid DNS names | 1397963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] [ov-misissuance] | 2023-02-22T18:19:16Z | 2017-09-07T23:55:43Z |
DigiCert: "Internet Widgits Pty Ltd" in organizationalUnitName | 1639032 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:52Z | 2020-05-18T21:19:33Z |
DigiCert: "Some-State" in stateOrProvinceName | 1551363 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:53Z | 2019-05-14T00:18:54Z |
DigiCert: & character in a printableString in ICA | 1593814 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ca-misissuance] | 2023-02-22T18:19:21Z | 2019-11-04T20:58:08Z |
DigiCert: 4 CRL's not responding | 1820269 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [crl-failure] | 2023-06-16T17:04:22Z | 2023-03-03T20:48:21Z |
DigiCert: Apple: Non-compliant Common Name Length | 1556906 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:15:45Z | 2019-06-05T01:08:39Z |
DigiCert: Apple: Non-compliant Serial Numbers | 1533655 | RESOLVED | FIXED | certification_authority | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:15:46Z | 2019-03-08T07:19:11Z |
DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown" | 1582519 | RESOLVED | INVALID | certification_authority | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-19T17:19:27Z |
DigiCert: Apple: Unconstrained CAs not included in WTBR report | 1575125 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [audit-failure] | 2023-02-22T18:28:17Z | 2019-08-20T03:19:15Z |
DigiCert: BR 3.2.5 Validation of Authority Failure for OV Certs | 1429639 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:22Z | 2018-01-11T00:49:24Z |
DigiCert: CAA Checking Issue | 1550645 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:55Z | 2019-05-10T01:02:08Z |
DigiCert: Certificate Issues Identified on the Mailing List | 1389172 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:12Z | 2017-08-10T17:48:43Z |
DigiCert: Delay of revocation for EV audit inconsistency incident | 1651828 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] [covid-19] | 2023-02-22T18:13:56Z | 2020-07-09T22:41:01Z |
DigiCert: delayed publication of revocation information | 1640805 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:23Z | 2020-05-26T06:02:30Z |
DigiCert: Delayed Revocation of ~5.5 hours | 1797165 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:24Z | 2022-10-24T19:08:14Z |
DigiCert: Delayed revocation of IV certificates | 1846784 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [leaf-revocation-delay] | 2023-09-02T17:58:57Z | 2023-08-02T17:23:05Z |
DigiCert: DigiCert issued cert with CN too long | 1353827 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] [iv-misissuance] | 2023-02-22T18:21:13Z | 2017-04-05T18:33:16Z |
DigiCert: Domain validation skipped | 1595921 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:25Z | 2019-11-12T21:55:36Z |
DigiCert: ECCE 001 issuing certificates without subject alternative name extension | 1262610 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:26Z | 2016-04-06T20:56:43Z |
DigiCert: Entity not verified in organizationalUnitName | 1676003 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:28Z | 2020-11-08T11:14:07Z |
DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days | 1563573 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:57Z | 2019-07-04T17:29:57Z |
DigiCert: Failure to find and revoke key-compromised certificates within 24 hours | 1693343 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:29Z | 2021-02-17T17:18:08Z |
DigiCert: Failure to properly encode Subject name | 1618256 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:59Z | 2020-02-26T16:35:57Z |
DigiCert: Failure to provide a preliminary report within 24 hours. | 1649277 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [disclosure-failure] | 2023-02-22T18:14:00Z | 2020-06-29T21:53:31Z |
DigiCert: Failure to revoke invalid serialNumber EV certificates within 5 days | 1646866 | RESOLVED | INVALID | Brenda Bernal | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-06-18T22:15:48Z |
DigiCert: Failure to revoke key-compromised certificate | 1639802 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:01Z | 2020-05-21T07:20:23Z |
DigiCert: Failure to revoke key-compromised certificates within 24 hours | 1639801 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:03Z | 2020-05-21T07:12:22Z |
DigiCert: Failure to revoke within 7 days: OCSP EKU issue | 1651461 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:14:04Z | 2020-07-08T19:38:44Z |
DigiCert: Failure to supervise ABB Subordinate CA | 1566162 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [uncategorized] | 2023-02-22T18:19:30Z | 2019-07-15T18:54:09Z |
DigiCert: Good OCSP Responses for Revoked Intermediates | 1523676 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:34Z | 2019-01-29T16:44:19Z |
DigiCert: improper domain validation | 1483715 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:31Z | 2018-08-15T23:43:12Z |
DigiCert: in-addr.arpa Misissuance | 1531817 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:32Z | 2019-03-01T16:58:02Z |
DigiCert: Inconsistent EV audits | 1650910 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-failure] | 2023-02-22T18:14:05Z | 2020-07-06T20:59:28Z |
DigiCert: Inconsistent validation information | 1824206 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-04-07T15:35:10Z | 2023-03-23T18:09:16Z |
DigiCert: Incorrect OCSP Delegated Responder Certificate | 1649951 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:23Z | 2020-07-02T01:44:09Z |
DigiCert: Incorrect RegNumber-Org Type combination | 1714439 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:06Z | 2021-06-03T20:49:29Z |
DigiCert: Insufficient entropy in serial numbers | 1417777 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:33Z | 2017-11-16T04:07:41Z |
DigiCert: Intermediate Cert(s) not disclosed in CCADB | 1451950 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:35Z | 2018-04-05T23:19:55Z |
DigiCert: Internal Domain Name cert mis-issuance | 1500621 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:07Z | 2018-10-19T22:51:46Z |
DigiCert: Invalid Country Code Issuance | 1465600 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:08Z | 2018-05-30T20:19:07Z |
DigiCert: Invalid localityName | 1710856 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:09Z | 2021-05-12T13:52:03Z |
DigiCert: Invalid stateOrProvinceName | 1710444 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:10Z | 2021-05-10T15:12:26Z |
DigiCert: IP in dnsName | 1524875 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:11Z | 2019-02-03T19:11:17Z |
DigiCert: Issuance of Cert with Compromised Key | 1624527 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:34Z | 2020-03-24T07:03:19Z |
DigiCert: Issuance of certs with weak keys (ROCA) | 1744795 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:35Z | 2021-12-07T17:41:36Z |
DigiCert: JOI Issue | 1576013 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:36Z | 2019-08-23T00:20:51Z |
DigiCert: Key Size Not Divisible By 8 | 1653475 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:37Z | 2020-07-17T05:07:57Z |
DigiCert: KPN Outdated Audit | 1539296 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-failure] | 2023-02-22T18:14:12Z | 2019-03-26T22:58:08Z |
DigiCert: Late background refreshment check | 1865235 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [policy-failure] | 2023-12-07T18:27:57Z | 2023-11-17T00:32:16Z |
DigiCert: Late CP/CPS CCADB uploads | 1814197 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [disclosure-failure] | 2023-02-14T20:36:53Z | 2023-01-31T17:39:41Z |
DigiCert: Malformed ICA | 1654967 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ca-misissuance] | 2023-02-22T18:22:24Z | 2020-07-24T03:31:17Z |
DigiCert: Microsoft: Incident report for Microsoft Dynamics incident | 1424305 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [crl-failure] [policy-failure] [disclosure-failure] | 2023-02-22T18:19:38Z | 2017-12-08T17:22:46Z |
DigiCert: Mis-issuance of certificate with https in CN/SAN | 1445857 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:36Z | 2018-03-15T03:22:13Z |
DigiCert: Mis-Issuance Rekey certificates | 1401407 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:17Z | 2017-09-19T23:46:24Z |
DigiCert: Missed Underscore Certificate Revocations | 1526154 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:13Z | 2019-02-08T05:54:10Z |
DigiCert: Missing audits for Intermediate certificates | 1455150 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-failure] | 2023-02-22T18:13:38Z | 2018-04-18T22:56:48Z |
DigiCert: no subject alternative name in Siemens certs | 1017157 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:14Z | 2014-05-28T18:39:18Z |
DigiCert: Non-audited, non-technically-constrained intermediate certs | 1368176 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] [audit-failure] | 2023-02-22T18:19:39Z | 2017-05-26T21:14:53Z |
DigiCert: Non-BR Compliant Certificates - missing CP/CPS OID | 1339339 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:41Z | 2017-02-14T07:12:56Z |
DigiCert: Non-BR-Compliant OCSP Responders | 1398269 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:42Z | 2017-09-08T18:13:52Z |
DigiCert: OCSP NextUpdate | 1627152 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ocsp-failure] | 2023-02-22T18:14:14Z | 2020-04-03T05:22:11Z |
DigiCert: OCSP not responding issue | 1816806 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ocsp-failure] | 2023-03-09T21:36:21Z | 2023-02-15T00:49:27Z |
DigiCert: OCSP responder returning invalid responses | 1662346 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:25Z | 2020-09-01T06:29:32Z |
DigiCert: OCSP services returns 1 byte | 1577014 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ocsp-failure] | 2023-02-22T18:19:18Z | 2019-08-27T20:03:41Z |
DigiCert: Onion Certs | 1447192 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:19Z | 2018-03-20T02:33:17Z |
DigiCert: Org information issue in new validation workflow | 1794050 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:43Z | 2022-10-06T22:39:59Z |
DigiCert: Org-JOI type mismatch | 1827772 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-05-04T21:26:43Z | 2023-04-13T02:33:00Z |
DigiCert: P-384,ecdsa-with-SHA512 Certificates | 1527423 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:15Z | 2019-02-12T20:12:36Z |
DigiCert: Private Keys Disclosed by Customers as Part of CSR | 1675684 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [uncategorized] | 2023-02-22T18:19:44Z | 2020-11-06T03:14:04Z |
DigiCert: Revoked intermediate certificates not in CRL | 1548719 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [crl-failure] | 2023-02-22T18:26:12Z | 2019-05-03T00:06:00Z |
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance | 1436173 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:39Z | 2018-02-06T20:53:47Z |
DigiCert: SHA-1 intermediate issued after 2016-01-01 | 1684442 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ca-misissuance] | 2023-02-22T18:19:45Z | 2020-12-29T12:25:40Z |
DigiCert: SHA-256 hash algorithm used with ECC P-384 key | 1664325 | RESOLVED | DUPLICATE | Brenda Bernal | [ca-compliance] [ca-misissuance] | 2023-02-22T18:14:16Z | 2020-09-10T22:57:41Z |
DigiCert: SMIME certificates issued inconsistent with BR’s | 1853463 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [smime-misissuance] Next update 2-Oct-2023 | 2023-10-12T10:22:54Z | 2023-09-15T21:16:38Z |
DigiCert: Sub CA with EV OIDs without audit report | 1838334 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ca-misissuance] | 2023-06-26T15:41:25Z | 2023-06-13T22:07:00Z |
DigiCert: Symantec non-constrained/non-disclosed intermediates | 1417771 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [disclosure-failure] [audit-failure] | 2023-02-22T18:19:46Z | 2017-11-16T03:43:16Z |
DigiCert: TERENA: No localityName in EV precert | 1586604 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-10-06T18:15:40Z |
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension | 1304895 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:28:19Z | 2016-09-22T22:13:03Z |
DigiCert: TLS certificates with incorrect policy OID | 1845634 | RESOLVED | FIXED | Martin Sullivan | [ca-compliance] [ov-misissuance] | 2023-09-02T17:59:16Z | 2023-07-26T23:26:22Z |
DigiCert: Truncation of Registration Number | 1727963 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ev-misissuance] | 2023-02-22T18:19:48Z | 2021-08-28T03:46:43Z |
DigiCert: Underscore character certificates | 1515564 | RESOLVED | DUPLICATE | Jeremy Rowley | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:49Z | 2018-12-20T05:53:44Z |
DigiCert: Underscores - Canadian Imperial Bank of Commerce | 1516561 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:17Z | 2018-12-27T19:10:01Z |
DigiCert: Underscores - Citi | 1517617 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:18Z | 2019-01-03T22:32:36Z |
DigiCert: Underscores - CVS Pharmacy | 1515788 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:19Z | 2018-12-20T22:32:16Z |
DigiCert: Underscores - Discover | 1516453 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:20Z | 2018-12-26T18:43:07Z |
DigiCert: Underscores - Ericsson | 1516599 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:22Z | 2018-12-28T04:02:33Z |
DigiCert: Underscores - Intuit | 1519572 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:23Z | 2019-01-11T23:40:27Z |
DigiCert: Underscores - Verizon | 1516545 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:24Z | 2018-12-27T17:02:34Z |
DigiCert: Undisclosed CAs -Federated Trust CA-1 | 1499585 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:20Z | 2018-10-17T00:55:49Z |
DigiCert: Unrevocation of BT Class 2 CA - G2 CA Certificate | 1442091 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:40Z | 2018-03-01T02:24:36Z |
DigiCert: Use of forbidden subjectPublicKeyInfo algorithm | 1518555 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:50Z | 2019-01-08T17:45:36Z |
DigiCert: Validation Scope Incident | 1556948 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:19:20Z | 2019-06-05T06:00:15Z |
DigiCert: Verizon CPS lacks problem reporting instructions | 1596931 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [policy-failure] | 2023-02-22T18:19:51Z | 2019-11-15T21:41:06Z |
DigiCert: Verizon mis-issued test certificates | 1335132 | RESOLVED | FIXED | Jeremy Rowley | [ca-compliance] [ov-misissuance] | 2023-02-22T18:19:52Z | 2017-01-30T19:24:44Z |
DigiCert: Verizon: "Default City" in Subject:localityName | 1548716 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:25Z | 2019-05-02T23:56:41Z |
DigiCert: WTCA / WTBR Audit 2019 - Matters to be resolved | 1613505 | RESOLVED | FIXED | Brenda Bernal | [ca-compliance] [audit-finding] | 2023-02-22T18:14:26Z | 2020-02-05T21:26:42Z |
DigitCert/Thawte: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN | 1420861 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-11-27T10:30:39Z |
Disig: Failure to Respond to Jun 2023 Apple Root Program Survey | 1846216 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [disclosure-failure] | 2023-09-29T15:34:20Z | 2023-07-31T06:58:44Z |
Disig: CPS does not refer to BR domain validation methods | 1717001 | RESOLVED | INVALID | Peter Miskovic | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-06-17T12:26:35Z |
Disig: Failure to provide a preliminary report within 24 hours. | 1670458 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:05Z | 2020-10-11T08:36:28Z |
Disig: Non-BR-Compliant Certificate Issuance | 1390991 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:24:06Z | 2017-08-16T18:10:26Z |
Disig: Non-BR-Compliant OCSP Responders | 1398242 | RESOLVED | FIXED | Peter Miskovic | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:07Z | 2017-09-08T17:39:43Z |
DocuSign/Keynectis: Missing BR Self Assessment | 1458038 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-04-30T20:33:37Z |
DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance | 1390994 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:17Z | 2017-08-16T18:14:03Z |
DocuSign/Keynectis: Non-BR-Compliant OCSP Responders | 1398247 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ocsp-failure] | 2023-02-22T18:17:18Z | 2017-09-08T17:49:21Z |
DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates | 1444455 | RESOLVED | FIXED | Erwann Abalea | [ca-compliance] [ca-misissuance] | 2023-02-22T18:17:19Z | 2018-03-09T17:26:39Z |
DocuSign/Keynectis: Outdated audit statements for Class 2 Primary CA | 1447497 | RESOLVED | WORKSFORME | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-03-20T23:26:41Z |
DocuSign/Keynectis: Undisclosed Intermediate certificate | 1497700 | RESOLVED | WONTFIX | Erwann Abalea | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-10-09T22:28:55Z |
DSV-Gruppe: Failure to respond to January 2018 survey | 1439129 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-03-20T15:00:54Z | 2018-02-17T16:23:34Z |
e-commerce monitoring gmbh: certificate issued with two pre-certificates | 1830536 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [uncategorized] | 2023-10-12T10:25:45Z | 2023-04-28T14:17:57Z |
E-Tugra: audit delay because of an environmental disaster/pandemic | 1659426 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [audit-failure] [covid-19] | 2023-02-22T18:16:41Z | 2020-08-17T12:03:45Z |
E-Tugra: CA Certificate Missing from Audit Reports | 1716843 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [audit-failure] | 2023-02-22T18:16:42Z | 2021-06-16T17:33:41Z |
E-Tugra: commonName not in SAN | 1687139 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:43Z | 2021-01-16T23:09:01Z |
E-Tugra: Delayed Response of Revocation Request | 1687513 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [policy-failure] | 2023-02-22T18:16:44Z | 2021-01-19T17:13:21Z |
E-Tugra: Failure to respond to January 2018 survey | 1439128 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:45Z | 2018-02-17T16:20:43Z |
E-Tugra: Failure to Respond to May 2022 Survey | 1772414 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:46Z | 2022-06-02T21:43:54Z |
E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6 | 1716902 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [policy-failure] | 2023-02-22T18:16:48Z | 2021-06-17T00:20:44Z |
E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462797 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:49Z | 2018-05-18T20:30:26Z |
E-Tugra: Incident Report (Security Issues) | 1801345 | RESOLVED | FIXED | Ahmed | [ca-compliance] [uncategorized] | 2023-07-21T15:45:27Z | 2022-11-18T16:55:09Z |
E-Tugra: Insufficient serial number entropy | 1542302 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:50Z | 2019-04-05T15:42:33Z |
E-Tugra: Intermittent OCSP response with status 'Unknown' | 1687330 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:51Z | 2021-01-18T16:55:06Z |
E-Tugra: Invalid DER results in failure to comply with RFC 5280 - Violating string length limit | 1582601 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:52Z | 2019-09-20T00:08:46Z |
E-Tugra: The failure to revoke a certificate | 1687608 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:53Z | 2021-01-20T05:28:49Z |
E-Tugra: Validity period > 825 days | 1449371 | RESOLVED | FIXED | Davut Tokgöz | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:54Z | 2018-03-27T23:55:44Z |
EDICOM: Signing SHA-1 OCSP responses with unconstrained certificate | 1397830 | RESOLVED | FIXED | Raúl Santisteban | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:03Z | 2017-09-07T17:15:36Z |
emSign: Audit Delay | 1728790 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [audit-failure] [covid-19] | 2023-02-22T18:27:58Z | 2021-09-02T13:46:28Z |
eMudhra: CRL occasionally returns 404 error | 1821508 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [crl-failure] | 2023-04-13T20:03:22Z | 2023-03-09T22:07:38Z |
eMudhra: emSign CA ECC Test Certificate Misissuance | 1665688 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:28:01Z | 2020-09-17T15:56:40Z |
eMudhra: emSign CA Invalid AIA Extension Value | 1763700 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:59Z | 2022-04-07T20:06:01Z |
eMudhra: emSign CA Invalid OrganizationalUnitName | 1745015 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [dv-misissuance] | 2023-02-22T18:28:00Z | 2021-12-08T17:28:52Z |
eMudhra: Failure to Respond to May 2022 Survey | 1772413 | RESOLVED | FIXED | Vijay Kumar | [ca-compliance] [disclosure-failure] | 2023-03-20T15:03:21Z | 2022-06-02T21:42:15Z |
Entrust: AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue | 1536287 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:11Z | 2019-03-18T23:35:48Z |
Entrust: Certificate issued with '-' in ST field | 1512018 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:38Z | 2018-12-04T17:58:37Z |
Entrust: Certificate Issued with Incorrect Country Code | 1559376 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:12Z | 2019-06-14T12:56:57Z |
Entrust: Certificate issued with validity greater than 825-days | 1561013 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:39Z | 2019-06-24T17:53:28Z |
Entrust: Compromised Private Key was not Revoked in Less than 24 Hours | 1611241 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:13Z | 2020-01-23T18:53:38Z |
Entrust: CRLs and OCSP responses not issued as specified in the CPS | 1737057 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:14:41Z | 2021-10-21T13:52:31Z |
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction | 1804753 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-04-19T22:26:20Z | 2022-12-08T19:55:41Z |
Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization" | 1599484 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:14Z | 2019-11-26T16:37:22Z |
Entrust: EV TLS Certificate incorrect jurisdiction | 1802916 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-04-24T19:50:18Z | 2022-11-28T15:22:17Z |
Entrust: Failure to provide a preliminary report within 24 hours. | 1667690 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:15Z | 2020-09-27T20:27:55Z |
Entrust: Failure to revoke a certificate | 1636339 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:42Z | 2020-05-08T01:04:59Z |
Entrust: Incorrect Business Category Value Discovered in an EV SSL Certificate | 1685370 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:16Z | 2021-01-06T18:43:01Z |
Entrust: Incorrect Jurisdiction Country Value in an EV Certificate | 1696227 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:17Z | 2021-03-03T18:27:38Z |
Entrust: Incorrect keyUsage for ECC certificate | 1667448 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:43Z | 2020-09-25T19:05:40Z |
Entrust: Incorrect value in Business Category field for Government Entities | 1728796 | RESOLVED | FIXED | Paul van Brouwershaven | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:42Z | 2021-09-02T14:39:16Z |
Entrust: Invalid data in commonName fields | 1675295 | RESOLVED | INVALID | Bruce Morton | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-11-04T15:22:54Z |
Entrust: Invalid data in State/Province Field | 1658792 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:18Z | 2020-08-12T18:32:59Z |
Entrust: Invalid localityName | 1712106 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:19Z | 2021-05-20T14:53:44Z |
Entrust: IP Address in dNSName form | 1448986 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:45Z | 2018-03-26T18:51:03Z |
Entrust: IP in dnsName | 1524876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:46Z | 2019-02-03T19:19:45Z |
Entrust: Issued Certificates to incorrect Organization | 1535735 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:20Z | 2019-03-15T20:45:13Z |
Entrust: Late mis-issue certificate revocation | 1520876 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:47Z | 2019-01-17T19:12:21Z |
Entrust: Late Revocation due to SHA-256 hash algorithm | 1651481 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:48Z | 2020-07-08T20:27:50Z |
Entrust: Late Revocation for Invalid State/Province Issue | 1658794 | RESOLVED | FIXED | Dathan Demone | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:16:21Z | 2020-08-12T18:38:52Z |
Entrust: Late Revocation for SSL Certificates issued with Un-verified IP Addresses | 1748634 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:49Z | 2022-01-05T13:46:41Z |
Entrust: Late revocation of underscore certificate | 1521520 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:50Z | 2019-01-21T14:40:19Z |
Entrust: Non-BR-Compliant Certificate Issuance | 1390996 | RESOLVED | FIXED | Kirk Hall | [ca-compliance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:21:04Z | 2017-08-16T18:19:28Z |
Entrust: Non-BR-Compliant OCSP Responder | 1428891 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ocsp-failure] | 2023-02-22T18:14:51Z | 2018-01-08T21:13:13Z |
Entrust: Outdated audit statement for intermediate cert | 1549862 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [audit-failure] | 2023-02-22T18:14:52Z | 2019-05-07T22:19:51Z |
Entrust: Printable String Constraint Failure | 1635096 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:53Z | 2020-05-04T12:31:25Z |
Entrust: Question marks in certificate O and L fields | 1552562 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:54Z | 2019-05-17T18:33:20Z |
Entrust: S/MIME Certificate Issued with Incorrect Policy OID | 1627346 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [uncategorized] | 2023-02-22T18:14:55Z | 2020-04-03T19:59:04Z |
Entrust: SHA-1 Issuance and other misissuance while testing | 1567659 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:56Z | 2019-07-20T02:20:56Z |
Entrust: SHA-256 hash algorithm used with ECC P-384 key | 1648472 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:57Z | 2020-06-25T13:39:29Z |
Entrust: SSL Certificates issued with Un-verified IP Addresses | 1744827 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:14:58Z | 2021-12-07T20:26:09Z |
Entrust: Subscriber provides private key with CSR | 1673119 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:00Z | 2020-10-23T23:12:14Z |
Entrust: Test Website Certificates Expired | 1731887 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [uncategorized] | 2023-02-22T18:15:01Z | 2021-09-21T20:44:28Z |
Entrust: TLS Certificate issued with a key that is impacted by the Close Primes vulnerability | 1766525 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:02Z | 2022-04-26T21:31:15Z |
Entrust: TLS Certificate issued with an incorrect state or province | 1792231 | RESOLVED | FIXED | Bruce Morton | [ca-compliance] [ov-misissuance] | 2023-04-19T22:25:51Z | 2022-09-23T17:25:40Z |
Error in latest audit report | 1718517 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [audit-failure] | 2023-02-22T18:15:08Z | 2021-06-28T10:49:27Z |
Firmaprofesional / SIGNE: No BR Audit for subCA technically capable of issuing TLS certs | 1586115 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-failure] | 2023-02-22T18:15:48Z | 2019-10-03T21:24:15Z |
Firmaprofesional: 2019 audit Finding #1 - 6.2 Identification and Authorization | 1610448 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:49Z | 2020-01-21T09:42:06Z |
Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls | 1612929 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:50Z | 2020-02-03T17:49:55Z |
Firmaprofesional: 2019 Audit Report Findings | 1606380 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:51Z | 2019-12-30T22:54:26Z |
Firmaprofesional: 2020 Audit Report Finding 1 out of 4 | 1649502 | RESOLVED | FIXED | chemalogo | [ca-compliance] [audit-finding] | 2023-02-22T18:15:52Z | 2020-06-30T16:38:26Z |
Firmaprofesional: 2020 Audit Report Finding 2 out of 4 | 1649679 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:22:58Z | 2020-07-01T06:51:44Z |
Firmaprofesional: 2020 Audit Report Finding 3 out of 4 | 1649724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:22:59Z | 2020-07-01T11:35:20Z |
Firmaprofesional: 2020 Audit Report Finding 4 out of 4 | 1649726 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:00Z | 2020-07-01T11:39:42Z |
Firmaprofesional: 2021 Audit Report Finding 1 out of 3 | 1717790 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:02Z | 2021-06-23T09:20:38Z |
Firmaprofesional: 2021 Audit Report Finding 2 out of 3 | 1717791 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:03Z | 2021-06-23T09:24:55Z |
Firmaprofesional: 2021 Audit Report Finding 3 out of 3 | 1717795 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:04Z | 2021-06-23T09:28:31Z |
Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL | 1771724 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [policy-failure] [audit-finding] | 2023-02-22T18:23:05Z | 2022-05-30T10:49:52Z |
Firmaprofesional: 2022 - Define Device Obsolescence Process | 1771727 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:06Z | 2022-05-30T10:56:50Z |
Firmaprofesional: 2022 - SSL certificates issued with wrong Organization ID number | 1769240 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:07Z | 2022-05-13T11:53:50Z |
Firmaprofesional: 2022 - StateorProvince field | 1771715 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:08Z | 2022-05-30T09:34:41Z |
Firmaprofesional: 2022 - Title field | 1771722 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [audit-finding] | 2023-02-22T18:23:09Z | 2022-05-30T10:40:30Z |
Firmaprofesional: 2023 - documentary inconsistency | 1832342 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [audit-finding] | 2023-10-12T10:25:32Z | 2023-05-10T16:02:45Z |
Firmaprofesional: 2023 - Ensure Timestamp service Logs Integrity | 1832338 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] | 2023-06-08T16:44:58Z | 2023-05-10T15:19:49Z |
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy | 1538638 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:53Z | 2019-03-25T09:14:32Z |
Firmaprofesional: Failure to Respond to April 2023 Survey | 1838864 | RESOLVED | INVALID | Maria Jose Prieto | [ca-compliance] [disclosure-failure] | 2023-07-14T18:26:06Z | 2023-06-16T13:12:27Z |
Firmaprofesional: Failure to revoke ICAs within 7 days: OCSP EKU | 1651637 | RESOLVED | FIXED | Maria Jose Prieto | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:23:10Z | 2020-07-09T10:39:54Z |
Firmaprofesional: Incorrect OCSP Delegated Responder Certificate | 1649943 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:54Z | 2020-07-02T01:35:16Z |
Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates | 1700145 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:55Z | 2021-03-22T16:45:17Z |
Firmaprofesional: Insufficient Audit Statements | 1412950 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] [audit-failure] | 2023-02-22T18:23:34Z | 2017-10-30T18:47:25Z |
Firmaprofesional: Missing BR Self Assessment | 1458064 | RESOLVED | FIXED | chemalogo | [ca-compliance] [uncategorized] | 2023-02-22T18:15:56Z | 2018-04-30T21:44:22Z |
Firmaprofesional: Non-audited, non-technically-constrained intermediate certs | 1368171 | RESOLVED | FIXED | Oscar Conesa | [ca-compliance] [audit-failure] | 2023-02-22T18:23:35Z | 2017-05-26T20:55:54Z |
Firmaprofesional: Non-BR-Compliant OCSP Responders | 1398240 | RESOLVED | FIXED | chemalogo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:57Z | 2017-09-08T17:34:41Z |
Firmaprofesional: Undisclosed Intermediate certificate | 1455119 | RESOLVED | FIXED | chemalogo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:15:58Z | 2018-04-18T21:04:01Z |
Firmaprofesional: Undisclosed Intermediate certificate SDS | 1464359 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:27Z | 2018-05-25T09:47:26Z |
Firmaprofesional: Undisclosed Intermediate certificate SIGNE | 1464335 | RESOLVED | FIXED | Wayne Thayer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:28:28Z | 2018-05-25T08:24:46Z |
FNMT: CP/CPS lack CAA processing details | 1596949 | RESOLVED | FIXED | alain | [ca-compliance] [policy-failure] | 2023-02-22T18:12:10Z | 2019-11-15T22:27:36Z |
FNMT: CRL problems displayed during the monitoring | 1828717 | RESOLVED | FIXED | Amaya Espinosa | [ca-compliance] [crl-failure] | 2023-09-29T15:32:36Z | 2023-04-18T17:17:07Z |
FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. | 1544586 | RESOLVED | FIXED | alain | [ca-compliance] [uncategorized] | 2023-02-22T18:12:11Z | 2019-04-15T22:25:26Z |
FNMT: Invalid localityName | 1744722 | RESOLVED | FIXED | alain | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:06Z | 2021-12-07T10:38:10Z |
FNMT: Issuance of QCP-n certificates without verifying identity | 1693304 | RESOLVED | FIXED | alain | [ca-compliance] [uncategorized] | 2023-02-22T18:12:07Z | 2021-02-17T14:02:23Z |
FNMT: Minor non-conformities in 2020 audit statement | 1626805 | RESOLVED | FIXED | alain | [ca-compliance] [audit-finding] | 2023-02-22T18:12:08Z | 2020-04-01T23:38:58Z |
FNMT: Minor non-conformities in 2021 audit statement | 1704199 | RESOLVED | FIXED | Brox | [ca-compliance] [audit-finding] | 2023-02-22T18:26:06Z | 2021-04-09T21:23:10Z |
FNMT: Missisuance of web site certificates without CA/Browser Forum’s reserved policy OID | 1696872 | RESOLVED | FIXED | alain | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:12:09Z | 2021-03-08T09:13:02Z |
FNMT: OU exceeds 64 characters | 1495507 | RESOLVED | FIXED | Rafa Medina | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:37Z | 2018-10-01T18:20:02Z |
GDCA: Authentication of Organization Identity Failure for an OV Certificate | 1546253 | RESOLVED | FIXED | capoc | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:25Z | 2019-04-23T01:19:15Z |
GDCA: CRL validity period exceeds allowed value by one second | 1738191 | RESOLVED | FIXED | capoc | [ca-compliance] [crl-failure] | 2023-02-22T18:15:26Z | 2021-10-28T07:23:51Z |
GDCA: Incorrect Value in organizationName Field | 1662382 | RESOLVED | FIXED | capoc | [ca-compliance] [ev-misissuance] | 2023-02-22T18:15:29Z | 2020-09-01T10:22:24Z |
GDCA: Insufficient Serial Number Entropy | 1536831 | RESOLVED | FIXED | capoc | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:27Z | 2019-03-20T14:55:16Z |
GDCA: Misissuance of certificates with IP address | 1475563 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2018-07-13T14:53:18Z |
GDCA: Misissuance of certificates with small RSA keys | 1467414 | RESOLVED | FIXED | capoc | [ca-compliance] [dv-misissuance] | 2023-02-22T18:15:28Z | 2018-06-07T10:07:18Z |
GlobalSign: 4 Misissued certificates with invalid CN | 1552586 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:25Z | 2019-05-17T20:34:31Z |
GlobalSign: AT&T Insufficient Serial Number Entropy | 1535873 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:26Z | 2019-03-16T23:42:10Z |
GlobalSign: AT&T SSL certificates without the AIA extension | 1547691 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ca-misissuance] [ov-misissuance] | 2023-02-22T18:16:27Z | 2019-04-29T12:32:41Z |
GlobalSign: Certificate issued to FQDN with malformed CAA | 1759854 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:00Z | 2022-03-16T13:32:08Z |
GlobalSign: Certificate issued with RSASSA-PSS public key | 1630870 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [dv-misissuance] | 2023-02-22T18:23:37Z | 2020-04-17T07:55:18Z |
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8 | 1654896 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:04Z | 2020-07-23T20:27:31Z |
GlobalSign: CRL contains invalid signature algorithm | 1793441 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2023-02-22T18:16:01Z | 2022-10-03T13:32:09Z |
GlobalSign: CRLs reported in CCADB unavailable | 1829195 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [disclosure-failure] | 2023-05-04T21:28:27Z | 2023-04-20T17:27:16Z |
GlobalSign: Cross Certificate with non-conforming CABF Policy OIDs | 1650018 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:05Z | 2020-07-02T09:04:20Z |
GlobalSign: Empty SingleExtension in OCSP responses | 1667944 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [ocsp-failure] | 2023-02-22T18:23:38Z | 2020-09-29T08:35:25Z |
GlobalSign: EV certificate with wildcard domain in common name and SAN | 1782391 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:02Z | 2022-07-31T06:35:28Z |
GlobalSign: EV certificates with serialNumber Government Entity and businessCategory Private Organization | 1744518 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:39Z | 2021-12-06T12:41:44Z |
GlobalSign: EV TLS certificate with only metadata in JOI State field | 1850091 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] Next update 2023-10-02 | 2023-10-12T10:48:35Z | 2023-08-25T07:11:45Z |
GlobalSign: Failure to provide a preliminary report within 24 hours | 1668005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:06Z | 2020-09-29T13:41:33Z |
GlobalSign: Failure to revoke 2 noncompliant QWACs within 5 days | 1625445 | RESOLVED | FIXED | Paul Brown | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:40Z | 2020-03-27T11:58:01Z |
GlobalSign: Failure to revoke key-compromised certificate within 24 hours | 1639799 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:07Z | 2020-05-21T07:01:12Z |
GlobalSign: Failure to revoke noncompliant certificates within 5 days | 1654545 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:08Z | 2020-07-22T14:23:35Z |
GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1651447 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:10Z | 2020-07-08T18:43:10Z |
GlobalSign: Failure to revoke noncompliant ICA within 7 days | 1599788 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:09Z | 2019-11-27T15:30:34Z |
GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report | 1591005 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:13:11Z | 2019-10-24T08:42:50Z |
GlobalSign: Incapsula issued a certificate for non-existing domain (testslsslfeb20.me) | 1353833 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:16Z | 2017-04-05T18:49:26Z |
GlobalSign: Incorrect Jurisdiction of Incorporation information for Japan | 1658932 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:33Z | 2020-08-13T14:20:38Z |
GlobalSign: Incorrect OCSP Delegated Responder Certificate | 1649937 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:29Z | 2020-07-02T01:12:27Z |
GlobalSign: Incorrect RegNumber-Org Type combination | 1714968 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:34Z | 2021-06-07T10:09:01Z |
GlobalSign: Invalid countryName | 1707073 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:35Z | 2021-04-22T19:16:07Z |
GlobalSign: Invalid stateOrProvinceName and locality pair | 1708834 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:12Z | 2021-04-30T21:55:45Z |
GlobalSign: Invalid stateOrProvinceName value | 1668007 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:13:13Z | 2020-09-29T13:50:05Z |
GlobalSign: IP in dnsName | 1524877 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:30Z | 2019-02-03T19:26:29Z |
GlobalSign: Issuance of test EV SSL/QWAC pre-certificate with no EKU extension | 1836443 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ev-misissuance] | 2023-09-22T22:43:19Z | 2023-06-02T08:48:06Z |
GlobalSign: Misissuance of QWAC Certificates | 1623356 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [uncategorized] | 2023-02-22T18:16:31Z | 2020-03-18T15:18:06Z |
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields | 1390997 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] [remediation-accepted] | 2023-02-22T18:21:35Z | 2017-08-16T18:22:12Z |
GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName | 1393555 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:21:36Z | 2017-08-24T18:28:31Z |
GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits | 1393557 | RESOLVED | FIXED | Linus Hallberg | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] [ocsp-failure] | 2023-02-22T18:21:37Z | 2017-08-24T18:31:40Z |
GlobalSign: OCSP responder certificates with more than 64 characters in CN | 1760311 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:03Z | 2022-03-18T15:38:28Z |
GlobalSign: OCSP Responder Returns invalid values for Some Precertificates | 1579413 | RESOLVED | INVALID | douglas.beattie | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-06T13:16:29Z |
GlobalSign: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1605372 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:33Z | 2019-12-20T13:54:18Z |
GlobalSign: OCSP Status HTTP 530 | 1622505 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:14Z | 2020-03-14T09:46:51Z |
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31 | 1690807 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:36Z | 2021-02-04T15:17:11Z |
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key | 1664328 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:15Z | 2020-09-10T23:20:29Z |
GlobalSign: SPKI lacks explicit NULL parameter, | 1554259 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:16:34Z | 2019-05-24T17:27:53Z |
GlobalSign: SSL Certificates with US country code and invalid State/Prov | 1575880 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:35Z | 2019-08-22T15:15:29Z |
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold” | 1845803 | RESOLVED | FIXED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2023-09-08T20:17:16Z | 2023-07-27T18:40:48Z |
GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise | 1620922 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:13:16Z | 2020-03-09T07:55:46Z |
GlobalSign: Use of Domain Validation Random Value for more than 30 days | 1654544 | RESOLVED | FIXED | Arvid Vermote | [ca-compliance] [dv-misissuance] | 2023-02-22T18:13:17Z | 2020-07-22T14:15:45Z |
GlobalSign: Virginia Tech Insufficient Serial Number Entropy | 1536760 | RESOLVED | FIXED | douglas.beattie | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:36Z | 2019-03-20T10:35:05Z |
GlobalSign: Wrong business category (Non Commercial Entity when should have been Private Organization) | 1599775 | RESOLVED | FIXED | Eva Van Steenberge | [ca-compliance] [ev-misissuance] | 2023-02-22T18:17:32Z | 2019-11-27T15:06:13Z |
GLOBALTRUST: CN domain not in SAN | 1716123 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:15Z | 2021-06-12T10:30:19Z |
GLOBALTRUST: Revoked test website not using revoked certificate | 1716163 | RESOLVED | FIXED | Daniel Zens | [ca-compliance] [uncategorized] | 2023-02-22T18:15:16Z | 2021-06-12T22:52:37Z |
GoDaddy: Document Reuse Issue | 1646226 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:00Z | 2020-06-17T00:22:16Z |
GoDaddy: Action Items | 1341014 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:21:17Z | 2017-02-20T11:42:25Z |
GoDaddy: Agreed-Upon Website Domain Validation Issue | 1647030 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [dv-misissuance] | 2023-02-22T18:17:01Z | 2020-06-20T01:04:38Z |
GoDaddy: Certificate Problem Report responses greater than 24 hours | 1734953 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [policy-failure] | 2023-02-22T18:14:29Z | 2021-10-08T23:18:01Z |
GoDaddy: Certificates issued with validity periods greater than 398-days | 1662807 | RESOLVED | FIXED | Joanna | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:19:57Z | 2020-09-02T16:15:37Z |
GoDaddy: CRL Issuer Mismatch | 1829024 | RESOLVED | FIXED | daryn | [ca-compliance] [disclosure-failure] | 2023-05-05T20:09:23Z | 2023-04-19T23:38:58Z |
GoDaddy: CRLs are version 1 and lack CRL Number extension | 1793642 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [crl-failure] | 2023-01-15T18:11:01Z | 2022-10-04T16:55:34Z |
GoDaddy: cross certificate disclosure to CCADB | 1572234 | RESOLVED | FIXED | Joanna | [ca-compliance] [disclosure-failure] | 2023-02-22T18:19:58Z | 2019-08-07T21:41:17Z |
GoDaddy: Domain Validation Reuse Issue | 1605804 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:19:59Z | 2019-12-24T00:39:01Z |
GoDaddy: DV certificates with organizationalUnit field in subject | 1662810 | RESOLVED | FIXED | Joanna | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:00Z | 2020-09-02T16:19:52Z |
GoDaddy: Expired CRLs | 1645832 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [crl-failure] | 2023-02-22T18:17:02Z | 2020-06-15T15:59:20Z |
GoDaddy: Failure to respond to January 2018 survey | 1439123 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [disclosure-failure] | 2023-02-22T18:16:37Z | 2018-02-17T16:12:18Z |
GoDaddy: Failure to revoke 210 subscriber certificates within 24 hours | 1793848 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:30Z | 2022-10-05T20:25:49Z |
GoDaddy: Failure to revoke certificate with compromised key within 24 hours | 1640310 | RESOLVED | FIXED | Daniela Hood | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:03Z | 2020-05-22T22:29:58Z |
GoDaddy: Failure to revoke key-compromised certificates within 24 hours | 1639798 | RESOLVED | DUPLICATE | Joanna | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:01Z | 2020-05-21T06:55:17Z |
GoDaddy: Failure to Revoke Subscriber Certificates within 24 hours | 1742657 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:31Z | 2021-11-23T17:34:38Z |
GoDaddy: failure to revoke underscores | 1524815 | RESOLVED | FIXED | Joanna | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:02Z | 2019-02-03T00:05:02Z |
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString | 1462844 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [ev-misissuance] | 2023-02-22T18:16:38Z | 2018-05-19T00:56:14Z |
GoDaddy: improperly encoded certificate issued by Go Daddy Secure Certification Authority | 988633 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:18Z | 2014-03-26T23:51:38Z |
GoDaddy: inconsistent disclosure of externally-operated intermediate | 1567061 | RESOLVED | FIXED | Joanna | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:03Z | 2019-07-18T04:15:50Z |
GoDaddy: Insufficient serial number entropy | 1533774 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:20:04Z | 2019-03-08T16:03:12Z |
GoDaddy: Issued EV Wildcard Certificate | 1731939 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ev-misissuance] | 2023-02-22T18:14:32Z | 2021-09-22T04:35:33Z |
GoDaddy: Issues with State and Country fields | 1577913 | RESOLVED | FIXED | Joanna | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:05Z | 2019-08-30T22:17:38Z |
GoDaddy: Misissuance of Cross Signed Certs | 1777128 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ca-misissuance] | 2023-02-22T18:14:33Z | 2022-06-28T22:50:42Z |
GoDaddy: Non-BR-Compliant Certificate Issuance | 1391429 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:39Z | 2017-08-17T21:50:30Z |
GoDaddy: OV Documentation Reuse | 1759959 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [ov-misissuance] | 2023-02-22T18:14:34Z | 2022-03-17T02:54:05Z |
GoDaddy: Random Value Vulnerability in Domain Validation | 1484766 | RESOLVED | FIXED | Daymion Reynolds | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:40Z | 2018-08-20T17:32:59Z |
GoDaddy: Reported TLS Certificate Private Key Exposure | 1742602 | RESOLVED | DUPLICATE | Brittany Randall | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:14:35Z | 2021-11-23T14:05:44Z |
GoDaddy: Root CRLs exceed maximum validity period by 1 second | 1734265 | RESOLVED | FIXED | Brittany Randall | [ca-compliance] [crl-failure] | 2023-02-22T18:14:36Z | 2021-10-06T00:24:22Z |
Google Trust Services (GTS): Mis-issued certificates for citi.com subdomain due to lack of CAA record checking | 1809864 | RESOLVED | INVALID | James Longmore | [ca-compliance] [dv-misissuance] | 2023-01-25T16:01:32Z | 2023-01-12T11:25:14Z |
Google Trust Services: 63 bit serial numbers in some certificates | 1532842 | RESOLVED | FIXED | ryan_hurst | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:05Z | 2019-03-06T01:14:23Z |
Google Trust Services: Certificates not disclosed in CCADB | 1667844 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:51Z | 2020-09-28T18:02:27Z |
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3 | 1581183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [crl-failure] | 2023-02-22T18:13:20Z | 2019-09-13T17:48:53Z |
Google Trust Services: CRL validity period set to expected value plus one second | 1731164 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [crl-failure] | 2023-02-22T18:15:18Z | 2021-09-16T23:57:08Z |
Google Trust Services: Delayed publication of CPS removing DNS Operator Exception | 1729097 | RESOLVED | FIXED | Brett L | [ca-compliance] [policy-failure] | 2023-02-22T18:23:36Z | 2021-09-03T22:08:57Z |
Google Trust Services: digitalSignature KeyUsage not set | 1652581 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:21Z | 2020-07-13T21:30:47Z |
Google Trust Services: Failure to provide preliminary report within 24h | 1770510 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [disclosure-failure] | 2023-05-04T21:31:12Z | 2022-05-20T20:38:40Z |
Google Trust Services: Failure to provide regular and timely incident updates | 1708516 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:23Z | 2021-04-29T18:27:28Z |
Google Trust Services: Failure to respond to CPR within 24 hours | 1837519 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [policy-failure] Next update 2023-Oct-27 | 2023-11-02T16:07:47Z | 2023-06-08T21:51:16Z |
Google Trust Services: Failure to revoke subscriber certificates within BR timeframe | 1715421 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:17:47Z | 2021-06-09T01:39:26Z |
Google Trust Services: Failure to send preliminary report to subscriber within 24h | 1783272 | RESOLVED | FIXED | kyleomalley | [ca-compliance] [policy-failure] | 2023-02-22T18:21:33Z | 2022-08-04T19:46:46Z |
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10 | 1706967 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [policy-failure] | 2023-02-22T18:13:24Z | 2021-04-22T12:31:45Z |
Google Trust Services: Improper OCSP response for intermediate certificate | 1522975 | RESOLVED | FIXED | kluge | [ca-compliance] [ocsp-failure] | 2023-02-22T18:21:05Z | 2019-01-25T21:00:40Z |
Google Trust Services: Incorrect OCSP response for issued certificate | 1758372 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:20Z | 2022-03-07T15:51:07Z |
Google Trust Services: Incorrect OCSP responses for certain certificates | 1773556 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:21Z | 2022-06-09T20:24:53Z |
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4 | 1634795 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [crl-failure] [ocsp-failure] | 2023-02-22T18:13:25Z | 2020-05-01T22:08:31Z |
Google Trust Services: incorrect SCT in certificate | 1815874 | RESOLVED | FIXED | James Longmore | [ca-compliance] [dv-misissuance] | 2023-03-20T17:05:08Z | 2023-02-09T13:33:20Z |
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses | 1678183 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:26Z | 2020-11-19T01:07:08Z |
Google Trust Services: invalid CRL reason code | 1793467 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [crl-failure] | 2023-02-22T18:15:22Z | 2022-10-03T16:44:52Z |
Google Trust Services: invalid curve-hash combination | 1612389 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ca-misissuance] | 2023-02-22T18:13:27Z | 2020-01-30T16:35:02Z |
Google Trust Services: Invalid OCSP responses | 1630079 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:28Z | 2020-04-14T22:12:41Z |
Google Trust Services: OCSP responses not published in a timely manner | 1771552 | RESOLVED | FIXED | Cade Cairns | [ca-compliance] [ocsp-failure] | 2023-02-22T18:15:24Z | 2022-05-27T21:42:16Z |
Google Trust Services: OCSP serving issue 2020-04-09 | 1630040 | RESOLVED | FIXED | Andy Warner | [ca-compliance] [ocsp-failure] | 2023-02-22T18:13:29Z | 2020-04-14T20:03:13Z |
Google Trust Services: Out-of-date CPS disclosure | 1706976 | RESOLVED | INVALID | Andy Warner | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-04-22T12:56:37Z |
Google Trust Services: Revocation data publication delay for revoked unused subordinate CAs | 1838707 | RESOLVED | FIXED | Nick Naziridis | [ca-compliance] Next update 2023-07-28 | 2023-07-28T22:11:25Z | 2023-06-15T18:34:36Z |
Google Trust Services: Signing SHA-1 Hash for existing CA certificate with changes in Key Usage | 1709223 | RESOLVED | FIXED | Ryan Hurst | [ca-compliance] [ca-misissuance] | 2023-02-22T18:24:52Z | 2021-05-03T23:38:30Z |
Google Trust Services: Tracking bug for possible audit delays (audit due 2020-12) | 1625498 | RESOLVED | INVALID | kluge | [ca-compliance] [audit-delay] [covid-19] | 2022-11-14T22:22:57Z | 2020-03-27T16:02:20Z |
Government of Spain FNMT: QC Statement that contains at least one of the ETSI ESI statements | 1625421 | RESOLVED | INVALID | alain | [ca-compliance] | 2023-02-22T18:12:12Z | 2020-03-27T09:47:46Z |
GRCA: Audit Letter Validation failures on intermediate certificates | 1614448 | RESOLVED | FIXED | National Development Council | [ca-compliance] [audit-failure] | 2023-02-22T18:18:04Z | 2020-02-10T19:45:20Z |
GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions | 1523221 | RESOLVED | FIXED | National Development Council | [ca-compliance] [uncategorized] | 2023-02-22T18:18:05Z | 2019-01-28T05:05:53Z |
GRCA: Misissued certificates: Invalid commonName, commonName not in SAN | 1463975 | RESOLVED | FIXED | National Development Council | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:06Z | 2018-05-24T03:50:51Z |
GRCA: Signing SHA-1 OCSP responses with unconstrained certificate | 1397832 | RESOLVED | FIXED | National Development Council | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:07Z | 2017-09-07T17:18:45Z |
HARICA: 3 EV TLS Certificates without L or ST | 1597135 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ev-misissuance] | 2023-02-22T18:20:07Z | 2019-11-17T20:13:11Z |
HARICA: Certificates with invalid policy tree | 1699796 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:08Z | 2021-03-19T19:16:26Z |
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days | 1651465 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:20:09Z | 2020-07-08T19:47:06Z |
HARICA: Incorrect OCSP Delegated Responder Certificate | 1649945 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:10Z | 2020-07-02T01:40:46Z |
HARICA: Insufficient serial number entropy | 1535509 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:11Z | 2019-03-15T01:15:10Z |
HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1580393 | RESOLVED | INVALID | Dimitris Zacharopoulos | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-11T04:37:09Z |
HARICA: P-384,ecdsa-with-SHA256 Certificates | 1530971 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:13Z | 2019-02-27T10:18:46Z |
HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates | 1535772 | RESOLVED | FIXED | Dimitris Zacharopoulos | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:14Z | 2019-03-15T23:05:03Z |
Hongkong Post / Certizen: Failure to report misissuance | 1520299 | RESOLVED | FIXED | Man Ho | [ca-compliance] [policy-failure] | 2023-02-22T18:21:50Z | 2019-01-15T21:06:22Z |
Hongkong Post: Invalid EV cert businessCategory | 1836694 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ev-misissuance] | 2023-09-29T15:35:32Z | 2023-06-05T03:11:11Z |
Hongkong Post: Subject CN converted to Unicode representation incident | 1804843 | RESOLVED | FIXED | Man Ho | [ca-compliance] [ov-misissuance] | 2023-04-19T22:25:15Z | 2022-12-09T07:50:43Z |
IdenTrust / ISRG: Inconsistent Disclosure of Externally-Operated Intermediate | 1671410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:29Z | 2020-10-15T14:34:31Z |
IdenTrust duplicate Certificate in error flagged by OCSP Watch | 1831004 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-06-28T16:51:23Z | 2023-05-02T22:00:45Z |
IdenTrust: Bad OCSP Responses | 1806728 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-05-05T20:09:41Z | 2022-12-20T20:55:42Z |
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement | 1850807 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [policy-failure] | 2023-09-29T15:35:19Z | 2023-08-30T18:31:37Z |
IdenTrust: Certificate with missing details flagged by OCSP Watch | 1838315 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] Next update 2023-09-30 | 2023-10-12T10:25:58Z | 2023-06-13T19:55:42Z |
IdenTrust: Certificates with Invalid values for stateOrProvinceName | 1718552 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:33Z | 2021-06-28T17:20:19Z |
IdenTrust: CRL Potential Publication Delay due to Cache | 1775454 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:32Z | 2022-06-22T11:51:08Z |
IdenTrust: Delay Revocation for EV SSL Certificates | 1757247 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:34Z | 2022-02-25T22:50:18Z |
IdenTrust: Discrepancy in values of address fields within CN of SSL Certificates | 1526099 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:35Z | 2019-02-07T23:46:02Z |
IdenTrust: EV TLS certificate with invalid Jurisdiction state for government entity | 1756261 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:36Z | 2022-02-18T23:40:47Z |
IdenTrust: EV TLS certificate with wrong jurisdiction state for private organization | 1756850 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:37Z | 2022-02-23T18:23:38Z |
IdenTrust: Expired CRLs | 1792111 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:30Z | 2022-09-22T23:14:38Z |
IdenTrust: Expired ICAs CRLs | 1854465 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-11-02T16:07:11Z | 2023-09-21T20:14:19Z |
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days | 1542082 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:38Z | 2019-04-04T23:38:41Z |
IdenTrust: Failure to provide OCSP responses for valid ICA certificates | 1758213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:39Z | 2022-03-05T00:23:59Z |
IdenTrust: Failure to Revoke Subscriber Certificates Within 5 days | 1736706 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:40Z | 2021-10-19T20:57:55Z |
IdenTrust: Improper encoding of wildcard certificate | 1446121 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:41Z | 2018-03-15T19:45:15Z |
IdenTrust: Inaccurate CRL Details in CCADB | 1818833 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] | 2023-03-20T17:04:44Z | 2023-02-24T22:53:18Z |
IdenTrust: Incorrect Subject Details for HydrantId | 1635279 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:42Z | 2020-05-04T22:04:47Z |
IdenTrust: Intermitent interruptions to DNS service | 1734906 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:31Z | 2021-10-08T17:35:25Z |
IdenTrust: Intermittent issuance/validation failures and website outage | 1778788 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:25:27Z | 2022-07-08T22:01:52Z |
IdenTrust: Internal names / failure to report | 1500593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:43Z | 2018-10-19T20:46:40Z |
IdenTrust: Invalid OCSP Response Held in Cache | 1678410 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:44Z | 2020-11-19T19:26:17Z |
IdenTrust: Issuance of certificates greater than 398 days | 1663080 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:45Z | 2020-09-03T22:20:58Z |
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days | 1744627 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:46Z | 2021-12-06T23:19:03Z |
IdenTrust: Issuance of Subordinate CA’s Without EKU | 1669594 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ca-misissuance] | 2023-02-22T18:25:47Z | 2020-10-06T22:01:50Z |
IdenTrust: Mis-Issued EV Certificates | 1734917 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:48Z | 2021-10-08T18:09:31Z |
IdenTrust: Mis-Issued EV Code Signing Certificate | 1796715 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [uncategorized] | 2023-02-22T18:25:49Z | 2022-10-20T23:55:06Z |
IdenTrust: Missing Revocation Reasons in CRL | 1794047 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:28Z | 2022-10-06T22:03:10Z |
IdenTrust: Missing Thumbprints In Some Annual Audit Reports | 1588213 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [audit-failure] | 2023-02-22T18:25:50Z | 2019-10-11T21:12:01Z |
IdenTrust: Non-BR-Compliant Certificate Issuance | 1391000 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] [ca-misissuance] [ev-misissuance] [disclosure-failure] | 2023-02-22T18:28:03Z | 2017-08-16T18:28:55Z |
IdenTrust: Non-BR-Compliant OCSP Responders | 1398255 | RESOLVED | FIXED | Vishvas Patel | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:04Z | 2017-09-08T17:57:19Z |
IdenTrust: OCSP Outage | 1636544 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:52Z | 2020-05-08T17:56:32Z |
IdenTrust: OCSP Responder missing id-pkix-ocsp-nocheck | 1653680 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:53Z | 2020-07-17T20:32:01Z |
IdenTrust: OCSP responses for subordinate CA exceed the validity period per CPS guidelines | 1772633 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:54Z | 2022-06-03T22:38:49Z |
IdenTrust: OCSP Signer Certificate Missing No-Check Extension | 1749089 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:55Z | 2022-01-08T01:12:16Z |
IdenTrust: Pre-certificates without a final certificate showing OCSP error | 1758027 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:56Z | 2022-03-04T00:51:29Z |
IdenTrust: Service Degradation | 1677239 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:57Z | 2020-11-14T00:17:58Z |
IdenTrust: Temporarily Expired CRLs | 1853447 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] Next update 2023-10-02 | 2023-10-12T10:26:30Z | 2023-09-15T19:10:08Z |
IdenTrust: Unavailable CRL and OCSP Responders | 1754593 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:25:58Z | 2022-02-09T22:58:18Z |
IdenTrust: Unavailable CRL for IdenTrust ‘DST Root CA X3’. | 1709192 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [crl-failure] | 2023-02-22T18:25:59Z | 2021-05-03T20:42:49Z |
IdenTrust: Undisclosed Unrevoked ICAs | 1598807 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [disclosure-failure] [ca-revocation-delay] [covid-19] | 2023-02-22T18:26:00Z | 2019-11-23T00:15:28Z |
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed | 1753287 | RESOLVED | FIXED | IdenTrust | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:01Z | 2022-02-02T19:33:14Z |
Invalid country field for Camerfirma root CA certificates | 1468000 | VERIFIED | INVALID | Ben Wilson | [ca-compliance] | 2023-09-14T16:52:59Z | 2018-06-09T14:05:34Z |
IP certificate issued with Domain Validation | 1550547 | RESOLVED | INVALID | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-05-09T18:18:10Z |
iTrusChina: Failure to Respond to May 2022 Survey | 1772412 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] [disclosure-failure] | 2023-03-20T15:03:39Z | 2022-06-02T21:40:10Z |
iTrusChina: verification errors for the roots' CRLs(ARL) | 1712664 | RESOLVED | FIXED | iTrusChina Co.,Ltd. | [ca-compliance] [crl-failure] | 2023-02-22T18:28:06Z | 2021-05-25T02:22:58Z |
Izenpe: CA certificates not listed in audit report | 1596744 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [audit-failure] | 2023-02-22T18:23:22Z | 2019-11-15T14:22:33Z |
Izenpe: certificate issued to internal domain | 1651026 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:23Z | 2020-07-07T10:24:09Z |
Izenpe: Certificates not disclosed in CCADB | 1667846 | RESOLVED | INVALID | Oscar Garcia | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-09-28T18:07:32Z |
Izenpe: CRL and ARL exceed validity period value by one second | 1738421 | RESOLVED | FIXED | David | [ca-compliance] [crl-failure] | 2023-02-22T18:16:10Z | 2021-10-29T09:09:30Z |
Izenpe: EV certificate with various issues | 1267049 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:21:21Z | 2016-04-24T12:16:09Z |
Izenpe: Failure to provide a preliminary report within 24 hours. | 1647121 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [disclosure-failure] | 2023-02-22T18:23:24Z | 2020-06-21T09:43:38Z |
Izenpe: Failure to revoke within 5 days | 1656487 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:25Z | 2020-07-31T12:43:21Z |
Izenpe: incorrect value in stateOrProvinceName | 1653284 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:27Z | 2020-07-16T15:18:49Z |
Izenpe: intermediate certificates not revoked within BR time period | 1598608 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:23:28Z | 2019-11-22T12:53:57Z |
Izenpe: Multiple invalid EV certificates issued | 1559765 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] | 2023-02-22T18:23:29Z | 2019-06-17T09:52:50Z |
Izenpe: Multiple sub CAs with incorrectly encoded SubjectPublicKeyInfo algorithm | 1685767 | RESOLVED | DUPLICATE | Oscar Garcia | [ca-compliance] [ca-misissuance] | 2023-02-22T18:23:30Z | 2021-01-08T17:52:05Z |
Izenpe: Non-BR-Compliant Certificate Issuance | 1391054 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:23:31Z | 2017-08-16T20:46:31Z |
Izenpe: Non-BR-Compliant OCSP Responders | 1398258 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ocsp-failure] | 2023-02-22T18:23:32Z | 2017-09-08T17:59:32Z |
Izenpe: OU > 64 characters | 1528290 | RESOLVED | FIXED | Oscar Garcia | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:33Z | 2019-02-15T16:15:28Z |
Kamu SM: "Some-State" in stateOrProvinceName | 1551369 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:53Z | 2019-05-14T00:30:37Z |
KAMU SM: commonName not in SAN | 1847193 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-09-29T15:36:29Z | 2023-08-04T11:02:03Z |
Kamu SM: Insufficient Serial Number Entropy | 1539190 | RESOLVED | FIXED | Melis Şimşek | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:54Z | 2019-03-26T16:14:28Z |
Kamu SM: Non-BR-Compliant Certificate Issuance | 1390998 | RESOLVED | FIXED | Tuğba ÖZCAN | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:43Z | 2017-08-16T18:25:36Z |
KIR S.A.: Certificates issued greater than stated in CPS | 1708965 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:19Z | 2021-05-02T08:39:21Z |
KIR S.A.: Certificates issued with multiple BR violations | 1495497 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:24:20Z | 2018-10-01T17:51:30Z |
KIR S.A.: CN domain not in SAN | 1705187 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:21Z | 2021-04-14T19:45:55Z |
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains | 1705904 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2023-02-22T18:24:23Z | 2021-04-17T17:55:45Z |
KIR S.A.: Delayed revocations of certificates | 1709872 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:24Z | 2021-05-06T14:44:49Z |
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName | 1705832 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:25Z | 2021-04-16T21:10:15Z |
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown | 1705337 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:26Z | 2021-04-15T09:15:44Z |
KIR S.A.: Invalid organizationName | 1705647 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:27Z | 2021-04-16T07:43:50Z |
KIR S.A.: Many certificates with OCSP Unknown | 1705657 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ocsp-failure] | 2023-02-22T18:24:28Z | 2021-04-16T08:13:53Z |
KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days | 1523186 | RESOLVED | FIXED | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:29Z | 2019-01-27T19:40:18Z |
KIR S.A.: O > 64 characters | 1532112 | RESOLVED | DUPLICATE | Piotr Grabowski | [ca-compliance] [ov-misissuance] | 2023-02-22T18:24:30Z | 2019-03-03T00:36:14Z |
Let's Encrypt intent to issue root and intermediate certificates with organizationName and CABF DV OID | 1658437 | RESOLVED | WORKSFORME | Josh Aas | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-08-10T22:06:28Z |
Let's Encrypt: 302 total OCSP responses available beyond acceptable timelines | 1666047 | RESOLVED | FIXED | Kiel C | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:55Z | 2020-09-18T23:39:32Z |
Let's Encrypt: CAA Misissuances | 1398427 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:48Z | 2017-09-09T05:06:45Z |
Let's Encrypt: CAA Rechecking bug | 1619047 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:47Z | 2020-02-29T05:48:37Z |
Let's Encrypt: Case-sensitive CAA tag processing | 1462735 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [uncategorized] | 2023-02-22T18:18:49Z | 2018-05-18T18:19:49Z |
Let's Encrypt: certificate lifetimes 90 days plus one second | 1715455 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:50Z | 2021-06-09T07:15:17Z |
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist | 1319609 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [dv-misissuance] | 2023-02-22T18:21:22Z | 2016-11-23T00:37:51Z |
Let's Encrypt: Delay updating OCSP responses | 1729567 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [ocsp-failure] | 2023-02-22T18:10:11Z | 2021-09-07T22:06:04Z |
Let's Encrypt: Delayed revocation for removed gTLD | 1795483 | RESOLVED | FIXED | James Renken | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:19:02Z | 2022-10-14T21:45:14Z |
Let's Encrypt: Duplicate Serial Numbers | 1838667 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [dv-misissuance] Next update 2023-07-27 | 2023-07-05T19:33:50Z | 2023-06-15T16:03:51Z |
Let's Encrypt: Expired ISRG Root OCSP X1 Certificate | 1645276 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:03Z | 2020-06-12T01:54:59Z |
Let's Encrypt: Failure to audit log subscriber certificate OCSP updates | 1684112 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:04Z | 2020-12-23T22:46:24Z |
Let's Encrypt: Failure to provide OCSP Responses for some certificates | 1753123 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [ocsp-failure] | 2023-01-04T17:50:21Z | 2022-02-01T23:12:23Z |
Let's Encrypt: Failure to revoke for Certificate Lifetime Incident | 1715672 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:10:13Z | 2021-06-10T00:12:29Z |
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours | 1639794 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:20:48Z | 2020-05-21T06:33:06Z |
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1625322 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:51Z | 2020-03-26T22:22:26Z |
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours | 1627614 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:52Z | 2020-04-06T09:01:48Z |
Let's Encrypt: Improper encoding of wildcard certificates | 1446080 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:53Z | 2018-03-15T18:30:49Z |
Let's Encrypt: Incomplete and Inconsistent CRLs | 1793114 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [crl-failure] | 2023-02-22T18:11:50Z | 2022-09-30T18:04:02Z |
Let's Encrypt: Incomplete revocation for CAA rechecking bug | 1619179 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:54Z | 2020-03-02T01:26:51Z |
Let's Encrypt: Mis-issued certificates related to SC48v2 | 1735247 | RESOLVED | FIXED | Jillian | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:15Z | 2021-10-11T23:29:13Z |
Let's Encrypt: Non-BR-Compliant Certificate Issuance | 1391867 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:18:55Z | 2017-08-19T00:14:01Z |
Let's Encrypt: OCSP "unauthorized" responses | 1486650 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:56Z | 2018-08-27T23:15:00Z |
Let's Encrypt: OCSP Responder Returned "Unauthorized" for Some Precertificates | 1577652 | RESOLVED | INVALID | Jacob Hoffman-Andrews | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-08-29T23:34:57Z |
Let's Encrypt: OCSP responses with no revocationReason | 1648840 | RESOLVED | FIXED | Jacob Hoffman-Andrews | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:50Z | 2020-06-26T19:19:31Z |
Let's Encrypt: TLS Using ALPN TLS Version and OID | 1751984 | RESOLVED | FIXED | Aaron Gable | [ca-compliance] [dv-misissuance] | 2023-02-22T18:11:51Z | 2022-01-25T19:40:00Z |
Let’s Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions | 1576789 | RESOLVED | FIXED | Josh Aas | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:57Z | 2019-08-27T00:18:47Z |
Let’s Encrypt: Certificates issued to Elliptic Curve Debian Weak Keys | 1789521 | RESOLVED | FIXED | Andrew Gabbitas | [ca-compliance] [dv-misissuance] | 2023-02-22T18:12:05Z | 2022-09-06T22:45:26Z |
Let’s Encrypt: End Entity CRLs Not Reissued On Time | 1799755 | RESOLVED | FIXED | J.C. Jones [:jcj] (he/him) | [ca-compliance] [crl-failure] | 2023-02-22T18:19:03Z | 2022-11-08T21:28:58Z |
Let’s Encrypt: TLS Using ALPN Allows Additional Identifiers in Challenge Certificate | 1752670 | RESOLVED | FIXED | Jillian | [ca-compliance] [dv-misissuance] | 2023-02-22T18:20:16Z | 2022-01-29T04:28:58Z |
LuxTrust: Outdated audit statement for intermediate cert | 1578505 | RESOLVED | FIXED | ca | [ca-compliance] [audit-failure] | 2023-02-22T18:15:17Z | 2019-09-03T18:26:59Z |
LuxTrust: Overdue Audit Statements 2019 | 1566580 | RESOLVED | WORKSFORME | Yves Nullens | [ca-compliance] Overdue Audits for root certs | 2022-11-14T22:22:57Z | 2019-07-16T20:01:45Z |
Microsec: Audit Letter Validation Failures | 1625767 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [audit-failure] | 2023-02-22T18:27:04Z | 2020-03-29T15:37:59Z |
Microsec: Certificate validity period greater than 398 days | 1676352 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:02Z | 2020-11-10T10:49:41Z |
Microsec: Failure to revoke noncompliant ICA within 7 days | 1651632 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:27:05Z | 2020-07-09T10:16:34Z |
MICROSEC: Incident report - No OCSP status response for 2 Precertificates | 1844514 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ocsp-failure] | 2023-09-29T15:34:51Z | 2023-07-20T07:46:57Z |
Microsec: Incorrect OCSP Delegated Responder Certificate | 1649947 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ocsp-failure] | 2023-02-22T18:27:06Z | 2020-07-02T01:43:03Z |
Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields | 1622539 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:07Z | 2020-03-14T16:19:37Z |
Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment | 1728384 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:08Z | 2021-08-31T17:51:11Z |
Microsec: Non-BR-Compliant Certificate Issuance | 1391055 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:03Z | 2017-08-16T20:50:39Z |
Microsec: Validity period greater than 825 days | 1512270 | RESOLVED | FIXED | dr. Sándor SZŐKE | [ca-compliance] [uncategorized] | 2023-02-22T18:27:09Z | 2018-12-05T19:10:00Z |
Microsoft DSRE PKI: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request | 1620727 | RESOLVED | DUPLICATE | Dustin Hollenback | [ca-compliance] [ocsp-failure] | 2023-02-22T18:16:55Z | 2020-03-07T01:18:36Z |
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work | 1604124 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] | 2023-02-22T18:16:56Z | 2019-12-16T10:08:09Z |
Microsoft PKI Services, Malformed ICAs (Key Usage Malformed) | 1718991 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:19Z | 2021-07-02T19:45:34Z |
Microsoft PKI Services: 3-Month Access Review Process Failure | 1848280 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] Next update 2023-10-23 | 2023-10-12T10:24:57Z | 2023-08-11T06:18:20Z |
Microsoft PKI Services: Certificate Mis-Issuance, DNSName is not FQDN, Preferred Name Syntax | 1706860 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:20Z | 2021-04-22T05:11:43Z |
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD | 1670337 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:21Z | 2020-10-09T22:39:52Z |
Microsoft PKI Services: CRL Publication Failures | 1842121 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [crl-failure] Next update 2023-08-18 | 2023-09-29T15:34:35Z | 2023-07-07T01:46:36Z |
Microsoft PKI Services: DV certificate issued with OV fields | 1674561 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [dv-misissuance] | 2023-02-22T18:16:57Z | 2020-10-31T13:25:42Z |
Microsoft PKI Services: Failure to disclose Revocation of Intermediate CAs within 7 Days | 1742195 | RESOLVED | FIXED | John Mason | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:22Z | 2021-11-20T00:35:58Z |
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days | 1700809 | RESOLVED | FIXED | John Mason | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:23Z | 2021-03-25T00:35:16Z |
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions) | 1711147 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:24Z | 2021-05-13T22:59:51Z |
Microsoft PKI Services: Overdue Audit Reports 2021 | 1724530 | RESOLVED | FIXED | mohanr | [ca-compliance] [audit-failure] | 2023-02-22T18:22:55Z | 2021-08-06T23:24:25Z |
Microsoft PKI Services: Policy Documentation, Failure to update Domain Validation Method | 1693932 | RESOLVED | FIXED | John Mason | [ca-compliance] [policy-failure] | 2023-02-22T18:20:25Z | 2021-02-20T00:54:20Z |
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period | 1693930 | RESOLVED | FIXED | John Mason | [ca-compliance] [policy-failure] | 2023-02-22T18:20:26Z | 2021-02-20T00:46:40Z |
Microsoft PKI Services: Trusted Role Control Failure | 1848279 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [policy-failure] Next update 2023-10-23 | 2023-10-12T10:25:15Z | 2023-08-11T06:16:06Z |
Microsoft PKI Services: Underscore in SAN | 1705419 | RESOLVED | FIXED | John Mason | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:27Z | 2021-04-15T14:32:01Z |
Microsoft: "unknown" OCSP response for issued certificates | 1793443 | RESOLVED | FIXED | John Mason | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:28Z | 2022-10-03T14:03:39Z |
Microsoft: Certificate Mis-Issuance, Locality Missing | 1644936 | RESOLVED | FIXED | John Mason | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:29Z | 2020-06-11T01:44:46Z |
Microsoft: Failure to modify policy documents within 365 days | 1817023 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [disclosure-failure] | 2023-03-09T21:37:17Z | 2023-02-15T20:02:20Z |
Microsoft: Firewall log data retention | 1658995 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [uncategorized] | 2023-02-22T18:16:58Z | 2020-08-13T21:17:21Z |
Microsoft: Incomplete Logical Access Review Audit Evidence | 1652827 | RESOLVED | FIXED | Dustin Hollenback | [ca-compliance] [uncategorized] | 2023-02-22T18:16:59Z | 2020-07-14T18:12:02Z |
Microsoft: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586847 | RESOLVED | FIXED | Jason Cooper | [ca-compliance] [ca-misissuance] | 2023-02-22T18:19:04Z | 2019-10-07T17:28:29Z |
Microsoft: Loss of Archived Firewall logs from Retention Store | 1602999 | RESOLVED | FIXED | mohanr | [ca-compliance] [uncategorized] | 2023-02-22T18:22:56Z | 2019-12-11T01:48:02Z |
Microsoft: Null Character Bug and Microsoft Root CAs | 1598390 | RESOLVED | FIXED | Julio Montano | [ca-compliance] [ca-misissuance] | 2023-02-22T18:20:54Z | 2019-11-21T18:24:05Z |
Microsoft: Unrevoked 4 intermediate certificates | 1740585 | RESOLVED | FIXED | John Mason | [ca-compliance] [crl-failure] | 2023-02-22T18:20:30Z | 2021-11-10T19:23:37Z |
Multicert: AIA CA Issuer field pointing to PEM encoded cert | 1637093 | RESOLVED | FIXED | ca.forum | [ca-compliance] [ov-misissuance] | 2023-02-22T18:15:13Z | 2020-05-11T22:24:22Z |
NAVER Cloud Trust Services: commonName not in SAN | 1845269 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [ov-misissuance] | 2023-09-29T15:35:46Z | 2023-07-25T10:56:46Z |
NAVER Cloud: DV certificate issued with no subject alternative name extension | 1785865 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [dv-misissuance] | 2023-04-12T15:45:12Z | 2022-08-18T17:25:01Z |
NAVER Cloud: Failure to Respond to May 2022 Survey | 1772411 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:34Z | 2022-06-02T21:38:27Z |
NAVER Cloud: OV certificate issued with OU field | 1843268 | RESOLVED | FIXED | Han Yong, Park | [ca-compliance] [ov-misissuance] | 2023-09-29T15:35:59Z | 2023-07-13T11:39:18Z |
NetLock: CA Certificate Missing from Audit Reports | 1716874 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] [audit-failure] | 2023-05-04T21:30:58Z | 2021-06-16T20:28:57Z |
NetLock: CN not in SAN | 1462423 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:50Z | 2018-05-17T18:05:51Z |
NETLOCK: CRL Error on CRL Watch of NETLOCK DVCA CRL | 1843173 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [crl-failure] | 2023-09-29T15:33:49Z | 2023-07-12T21:02:07Z |
NetLock: Cumulative report connected to EV verification | 1676440 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:51Z | 2020-11-10T16:42:36Z |
NetLock: Delayed revocation report connected to ticket 1680378 | 1688844 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:27:52Z | 2021-01-26T10:45:33Z |
NETLOCK: Disclosed CRL is expired | 1819105 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [crl-failure] | 2023-09-29T15:33:37Z | 2023-02-27T16:06:21Z |
NetLock: Failure to provide regular and timely incident updates | 1572992 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [policy-failure] | 2023-02-22T18:27:53Z | 2019-08-11T00:57:37Z |
NetLock: Failure to revoke noncompliant ICA within 7 days | 1656882 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:27:48Z | 2020-08-03T13:31:12Z |
NETLOCK: Invalid CT data in issued certs (SABRE.CT misconfiguration) | 1824435 | RESOLVED | INVALID | Tamás Horváth | [ca-compliance] [ov-misissuance] | 2023-05-04T22:02:51Z | 2023-03-24T18:38:54Z |
NetLock: Issuance of >398-day precertificates after 2020-09-01 | 1676367 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:54Z | 2020-11-10T11:25:43Z |
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy | 1586795 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ca-misissuance] | 2023-02-22T18:27:55Z | 2019-10-07T15:30:31Z |
NetLock: Non-BR-Compliant Certificate Issuance | 1391056 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] [disclosure-failure] | 2023-02-22T18:27:56Z | 2017-08-16T20:52:45Z |
NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName | 1401211 | RESOLVED | FIXED | Varga Viktor | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:57Z | 2017-09-19T14:44:14Z |
NETLOCK: Pre-certificates revoked with certificateHold reason | 1830823 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] | 2023-08-04T16:10:19Z | 2023-05-02T03:33:54Z |
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit | 1680378 | RESOLVED | FIXED | Anna Bányai | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:32Z | 2020-12-02T22:40:39Z |
NETLOCK: SSL certificates with OU field | 1820174 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [ov-misissuance] | 2023-07-28T22:14:47Z | 2023-03-03T13:53:22Z |
NETLOCK: SSL certificates with OU field - revocation delay | 1822809 | RESOLVED | FIXED | Tamás Horváth | [ca-compliance] [leaf-revocation-delay] | 2023-09-29T15:34:03Z | 2023-03-16T13:19:45Z |
Network Solutions: Audit report delay | 1649507 | RESOLVED | FIXED | Roy Dykes | [ca-compliance] [audit-failure] | 2023-02-22T18:26:02Z | 2020-06-30T16:46:15Z |
Network Solutions: 2021 Audit Findings 1-3 | 1725047 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:56Z | 2021-08-10T22:42:41Z |
Network Solutions: 2021 Audit Observation #1 | 1725039 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:57Z | 2021-08-10T22:29:15Z |
Network Solutions: 2021 Audit Observation #2 | 1725041 | RESOLVED | DUPLICATE | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:20:59Z | 2021-08-10T22:34:00Z |
Network Solutions: 2021 Audit Observation #3 | 1725043 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [audit-finding] | 2023-02-22T18:21:00Z | 2021-08-10T22:35:57Z |
Network Solutions: All test CA test website certificates are expired | 1726333 | RESOLVED | FIXED | Keith McKenney | [ca-compliance] [uncategorized] | 2023-02-22T18:21:01Z | 2021-08-18T10:57:19Z |
OCSP responding good for non-issued certs by Consorci AOC root already solved | 1467110 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] [ocsp-failure] | 2023-02-22T18:28:32Z | 2018-06-06T12:22:46Z |
PKIoverheid / QuoVadis: CPS inconsistencies | 1650234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [policy-failure] | 2023-02-22T18:26:13Z | 2020-07-02T21:57:00Z |
PKIoverheid: (KPN) Incorrect Subject OrganizationName | 1746421 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] [ov-misissuance] | 2023-02-22T18:16:22Z | 2021-12-16T15:26:25Z |
PKIoverheid: CIBG insufficient serial number entropy | 1573490 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:36Z | 2019-08-13T13:48:08Z |
PKIoverheid: Compliance issues CIBG TLS certificates | 1578809 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:17Z | 2019-09-04T17:14:00Z |
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652604 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:20:37Z | 2020-07-13T23:08:45Z |
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue | 1652922 | RESOLVED | DUPLICATE | Ben Wilson | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:15:09Z | 2020-07-15T07:37:39Z |
PKIoverheid: Incorrect OCSP Delegated Responder Certificate | 1649964 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ocsp-failure] | 2023-02-22T18:20:38Z | 2020-07-02T01:51:36Z |
PKIoverheid: KPN CPS lacks problem reporting instructions | 1596923 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [policy-failure] | 2023-02-22T18:20:39Z | 2019-11-15T21:23:24Z |
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6 | 1719451 | RESOLVED | FIXED | David Weissenberg | [ca-compliance] [policy-failure] | 2023-02-22T18:16:23Z | 2021-07-07T11:34:19Z |
PKIoverheid: KPN Insufficient Serial Number Entropy | 1535871 | RESOLVED | FIXED | Jochem van den Berge | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:20:18Z | 2019-03-16T23:38:13Z |
PKIoverheid: KPN issued Invalid organizationalUnitName | 1706950 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:40Z | 2021-04-22T11:27:31Z |
PKIoverheid: Missing audit statement "UZI-register Medewerker Niet op Naam CA G21" | 1609706 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2023-02-22T18:20:41Z | 2020-01-16T16:02:50Z |
PKIoverheid: Missing WTBR audit statements Staat der Nederlanden 2017/2018 | 1605126 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2023-02-22T18:20:43Z | 2019-12-19T15:11:44Z |
PKIoverheid: No BR Audit for subCAs technically capable of issuing TLS certs | 1586125 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2023-02-22T18:20:44Z | 2019-10-03T22:31:04Z |
PKIoverheid: Overdue audit statements for intermediate certificates | 1669518 | RESOLVED | FIXED | Jorik van 't Hof | [ca-compliance] [audit-failure] | 2023-02-22T18:20:45Z | 2020-10-06T15:59:19Z |
PKIoverheid: TSP CPS lacks problem reporting instructions | 1610507 | RESOLVED | DUPLICATE | Jorik van 't Hof | [ca-compliance] [policy-failure] | 2023-02-22T18:20:46Z | 2020-01-21T13:36:15Z |
Potential Denial of Service against websites with broad private key reuse | 1742704 | RESOLVED | FIXED | Ben Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:15:10Z | 2021-11-23T21:14:42Z |
Private keys for certificates exposed through their web server | 1378074 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:25Z | 2017-07-04T08:50:18Z |
Problem with NETLOCK's codesigning CA | 1734114 | RESOLVED | INVALID | Anna Bányai | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-10-05T10:11:30Z |
PROCERT: Non-BR-Compliant Certificate Issuance | 1391058 | RESOLVED | DUPLICATE | Procert | [ca-compliance] [uncategorized] | 2023-02-22T18:22:57Z | 2017-08-16T20:57:02Z |
QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage | 1468477 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:15Z | 2018-06-13T12:54:22Z |
QuoVadis / PKIoverheid: incorrect OCSP response for precertificate | 1724276 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:42Z | 2021-08-05T18:40:48Z |
QuoVadis / Siemens: Insufficient serial number entropy | 1534535 | RESOLVED | FIXED | Rufus Buschart | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:04Z | 2019-03-12T07:37:16Z |
QuoVadis: BR Error - san dns name starts with period | 1521950 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:16Z | 2019-01-22T22:10:07Z |
QuoVadis: EV serialNumber with "none" | 1645708 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:17Z | 2020-06-14T21:43:34Z |
QuoVadis: Failure to revoke certificates with compromised private keys | 1624504 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:26:18Z | 2020-03-24T01:02:25Z |
QuoVadis: Incorrect EV businessCategory | 1593357 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:19Z | 2019-11-01T21:20:00Z |
QuoVadis: IPaddress in DNSname SAN | 1530623 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:20Z | 2019-02-26T09:12:26Z |
QuoVadis: LLB insufficient Serial Number Entropy | 1540315 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [uncategorized] | 2023-02-22T18:26:21Z | 2019-03-29T23:33:45Z |
QuoVadis: N/A in EV serialNumber field | 1576283 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:22Z | 2019-08-23T22:05:48Z |
QuoVadis: OCSP handling of Certificate Transparency Pre-certs | 1579950 | RESOLVED | INVALID | Stephen Davidson | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-09T18:24:47Z |
QuoVadis: Unconstrained CAs missing audits | 1581597 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] [covid-19] | 2023-02-22T18:26:24Z | 2019-09-16T18:42:56Z |
QuoVadis: Certificate containing Debian weak key | 1472052 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:25Z | 2018-06-29T01:12:49Z |
QuoVadis: DarkMatter Insufficient Serial Number Entropy | 1531800 | RESOLVED | FIXED | Scott Rea | [ca-compliance] [ca-misissuance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:26:07Z | 2019-03-01T16:19:06Z |
QuoVadis: EV JOI Issue | 1581234 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:26Z | 2019-09-13T22:22:25Z |
QuoVadis: Failure to provide a preliminary report within 24 hours | 1762456 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2022-03-31T19:01:43Z |
QuoVadis: Failure to provide a preliminary report within 24 hours. | 1649880 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [disclosure-failure] | 2023-02-22T18:26:27Z | 2020-07-01T21:05:09Z |
QuoVadis: failure to reply in a timely manner | 1590171 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [policy-failure] | 2023-02-22T18:26:28Z | 2019-10-21T17:17:06Z |
QuoVadis: Failure to revoke within 7 days: OCSP EKU issue | 1651553 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] [ocsp-failure] | 2023-02-22T18:26:29Z | 2020-07-09T00:51:12Z |
QuoVadis: hostnames not in preferred name syntax | 1738472 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:31Z | 2021-10-29T16:44:31Z |
QuoVadis: improper countryName format | 1493760 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:32Z | 2018-09-24T18:07:26Z |
QuoVadis: Incorrect EV jurisdiction of incorporation information | 1589047 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:33Z | 2019-10-16T10:41:58Z |
QuoVadis: Incorrect keyUsage for ECC certificate | 1667518 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:34Z | 2020-09-26T03:15:20Z |
QuoVadis: Incorrect OCSP Delegated Responder Certificate | 1649938 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:35Z | 2020-07-02T01:17:21Z |
Quovadis: Insufficient Serial Number Entropy | 1533899 | RESOLVED | INVALID | Jeremy Rowley | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-03-08T22:01:46Z |
QuoVadis: IP in dnsName | 1524879 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:36Z | 2019-02-03T19:43:33Z |
QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs | 1586792 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-misissuance] | 2023-02-22T18:26:37Z | 2019-10-07T15:24:29Z |
QuoVadis: Multiple unreported misissuances in 2018 | 1519260 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:38Z | 2019-01-10T23:29:21Z |
QuoVadis: Non-BR-Compliant Certificate Issuance | 1391063 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] [remediation-accepted] | 2023-02-22T18:26:08Z | 2017-08-16T21:05:29Z |
QuoVadis: Non-BR-Compliant issuance --improper characters in DNSName (BIT sub-CA) | 1430909 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:10Z | 2018-01-16T22:28:17Z |
QuoVadis: Non-BR-Compliant OCSP Responder | 1426238 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:26:11Z | 2017-12-19T21:22:13Z |
QuoVadis: Recap of BR Compliance in 2018 issuance by external subCAs | 1519265 | VERIFIED | FIXED | Wayne Thayer | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-01-10T23:47:58Z |
QuoVadis: revocation services validity set to expected value plus one second | 1733000 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ocsp-failure] [crl-failure] | 2023-02-22T18:26:39Z | 2021-09-28T22:42:07Z |
QuoVadis: Unconstrained CAs revocation | 1599916 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:26:40Z | 2019-11-27T21:57:43Z |
QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17) | 1563917 | RESOLVED | FIXED | Stephen Davidson | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:41Z | 2019-07-06T15:42:34Z |
RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone | 1409735 | RESOLVED | FIXED | Steven Medin | [ca-compliance] [dv-misissuance] | 2023-02-22T18:26:43Z | 2017-10-18T13:32:33Z |
SECOM: "Default City" in Subject:localityName | 1548714 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:09Z | 2019-05-02T23:53:31Z |
SECOM: Ambiguity on KeyUsage with ECC public key | 1560234 | RESOLVED | INVALID | Hisashi Kamo | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-06-20T01:59:05Z |
SECOM: CA Certificates Missing from Audit Reports | 1717044 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2023-02-22T18:18:11Z | 2021-06-17T15:26:20Z |
SECOM: certificate for .test TLD | 1524452 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:12Z | 2019-02-01T04:03:25Z |
SECOM: certificate for which “L” and “ST” not set | 1544722 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:13Z | 2019-04-16T10:11:22Z |
SECOM: certificate for which “OU=-” | 1544712 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:14Z | 2019-04-16T09:42:44Z |
SECOM: CP/CPS does not clearly specify domain validation methods | 1705480 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [policy-failure] | 2023-02-22T18:18:15Z | 2021-04-15T17:41:50Z |
SECOM: CrossTrust: OU > 64 characters | 1532105 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:16Z | 2019-03-03T00:06:46Z |
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue | 1652610 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:18:08Z | 2020-07-13T23:18:28Z |
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates | 1707229 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:17Z | 2021-04-23T12:56:12Z |
SECOM: Failed an annual update of Cybertrust Japan (CTJ) CPS | 1769222 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [policy-failure] | 2023-02-22T18:18:18Z | 2022-05-13T09:52:17Z |
SECOM: Failure to disclose Unconstrained Intermediate within 7 Days | 1563574 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:19Z | 2019-07-04T17:34:40Z |
SECOM: failure to revoke underscores | 1524816 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:18:21Z | 2019-02-03T00:10:12Z |
SECOM: FUJIFILM intermediate not listed in audit statement | 1695938 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2023-02-22T18:18:22Z | 2021-03-02T15:29:12Z |
SECOM: Incorrect OCSP Delegated Responder Certificate | 1649962 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ca-misissuance] | 2023-02-22T18:18:23Z | 2020-07-02T01:47:21Z |
SECOM: Insufficient Serial Number Entropy | 1539358 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [uncategorized] | 2023-02-22T18:18:24Z | 2019-03-27T06:44:50Z |
SECOM: Mis-issued EV Certificates | 1576133 | RESOLVED | FIXED | Yuu Hidaka | [ca-compliance] [ev-misissuance] | 2023-02-22T18:28:52Z | 2019-08-23T11:22:28Z |
SECOM: Non-BR-Compliant Certificate Issuance | 1391064 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:25Z | 2017-08-16T21:08:12Z |
SECOM: Non-BR-Compliant OCSP Responders | 1398259 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ocsp-failure] | 2023-02-22T18:18:26Z | 2017-09-08T18:01:40Z |
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ) | 1805866 | RESOLVED | FIXED | ONO Fumiaki | [ca-compliance] [ev-misissuance] | 2023-02-02T01:51:38Z | 2022-12-15T10:15:13Z |
SECOM: Outdated audit statements for intermediate certs | 1695993 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [audit-failure] | 2023-02-22T18:18:27Z | 2021-03-02T18:51:51Z |
SECOM: Root CRLs exceed maximum validity period by 1 second | 1735998 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [crl-failure] [policy-failure] | 2023-02-22T18:18:28Z | 2021-10-15T10:07:51Z |
SECOM: TSA Certs Issued from Root | 1452671 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [uncategorized] | 2023-02-22T18:18:29Z | 2018-04-09T16:09:21Z |
SECOM: Undisclosed intermediate certificates | 1497703 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [disclosure-failure] | 2023-02-22T18:18:30Z | 2018-10-09T22:45:08Z |
SECOM: Unqualified domain name in SAN | 1695786 | RESOLVED | FIXED | Hisashi Kamo | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:31Z | 2021-03-01T22:55:03Z |
Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate | 1567060 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:08Z | 2019-07-18T04:15:06Z |
Sectigo: "Default City" in Subject:localityName | 1548713 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:25:09Z | 2019-05-02T23:51:36Z |
Sectigo: "Manual DCV" method used | 1718579 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:10Z | 2021-06-29T00:03:51Z |
Sectigo: "Some-State" in stateOrProvinceName | 1551362 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:25:10Z | 2019-05-14T00:10:57Z |
Sectigo: "unauthorized" OCSP responses | 1639518 | VERIFIED | INVALID | Robin Alden | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-05-20T10:59:02Z |
Sectigo: 2020 failure to respond to abuse report discovered | 1718785 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [disclosure-failure] [policy-failure] | 2023-02-22T18:27:11Z | 2021-06-30T17:56:11Z |
Sectigo: CCADB failed ALV - D-TRUST CA 2-1 2015 | 1597948 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [audit-failure] | 2023-02-22T18:25:12Z | 2019-11-20T12:10:59Z |
Sectigo: CCADB failed ALV - Ensured Root CA | 1597950 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [audit-failure] | 2023-02-22T18:25:13Z | 2019-11-20T12:14:01Z |
Sectigo: CCADB failed ALV - Network Solutions Certificate Authority | 1597947 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [audit-failure] | 2023-02-22T18:24:58Z | 2019-11-20T12:09:52Z |
Sectigo: Certificate issuance delayed for more than 398 days after DCV was completed | 1829746 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-06-02T15:24:51Z | 2023-04-24T20:07:46Z |
Sectigo: Certificate Problem Report response issues | 1650845 | RESOLVED | FIXED | Nick France | [ca-compliance] [ev-misissuance] [policy-failure] | 2023-02-22T18:23:17Z | 2020-07-06T17:10:43Z |
Sectigo: Certificates with RSA keys where modulus is not divisible by 8 | 1653504 | RESOLVED | FIXED | Nick France | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:23:18Z | 2020-07-17T09:10:59Z |
Sectigo: CRL validity beyond CPS allowed value | 1735761 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [crl-failure] | 2023-02-22T18:27:12Z | 2021-10-14T10:32:23Z |
Sectigo: DCV Reuse after 825 days | 1718771 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:24:59Z | 2021-06-30T15:52:53Z |
Sectigo: EV SSL Certificates with incorrect businessCategory | 1590810 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:14Z | 2019-10-23T16:10:18Z |
Sectigo: EV SSL Certificates with incorrect subject details. | 1575022 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:15Z | 2019-08-19T18:59:33Z |
Sectigo: Failure to block disallowed LDH labels in domain names | 1740493 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [dv-misissuance] | 2023-02-22T18:22:04Z | 2021-11-10T13:27:26Z |
Sectigo: Failure to properly respond to a report of subscriber key compromise | 1635840 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:16Z | 2020-05-06T17:13:00Z |
Sectigo: Failure to provide a preliminary report within 24 hours | 1619359 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:17Z | 2020-03-02T18:01:01Z |
Sectigo: Failure to provide a preliminary report within 24 hours. | 1648717 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [disclosure-failure] | 2023-02-22T18:24:47Z | 2020-06-26T09:09:54Z |
Sectigo: Failure to provide timely incident reports | 1563579 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [disclosure-failure] | 2023-02-22T18:25:01Z | 2019-07-04T17:59:35Z |
Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours | 1625715 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:18Z | 2020-03-29T00:18:56Z |
Sectigo: Failure to revoke ECC certificates with non-DER encoded keyUsage within 5 days | 1800756 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:05Z | 2022-11-15T21:52:53Z |
Sectigo: Failure to revoke key-compromised certificate within 24 hours | 1639804 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:19Z | 2020-05-21T07:25:52Z |
Sectigo: Failure to revoke key-compromised certificates | 1639805 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:48Z | 2020-05-21T07:38:21Z |
Sectigo: Failure to revoke within 24 hours | 1492006 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:25:20Z | 2018-09-18T00:02:26Z |
Sectigo: Failure to revoke within 5 days | 1665763 | RESOLVED | FIXED | Rich Smith | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:24:49Z | 2020-09-17T21:27:03Z |
Sectigo: Forbidden Domain Validation Method | 1714628 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:13Z | 2021-06-04T17:20:27Z |
Sectigo: Inadequate DCV | 1694233 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:14Z | 2021-02-22T19:24:36Z |
Sectigo: Inappropriate subject:serialNumber information in EV certificates obtained through ACME | 1712120 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:15Z | 2021-05-20T15:21:55Z |
Sectigo: Incomplete Subject organizationName | 1813989 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] Next update 2023-04-17 | 2023-05-04T21:28:52Z | 2023-01-31T08:42:03Z |
Sectigo: Incomplete Subscriber Agreement provisions | 1823723 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2023-04-05T16:52:17Z | 2023-03-21T15:48:45Z |
Sectigo: Incorrect EV businessCategory | 1715929 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:17Z | 2021-06-11T02:25:59Z |
Sectigo: Incorrect JOI | 1793789 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:06Z | 2022-10-05T14:25:47Z |
Sectigo: Incorrect JOI Country value | 1747915 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:07Z | 2021-12-29T19:09:55Z |
Sectigo: Incorrect JOI for federal credit unions | 1741026 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:18Z | 2021-11-13T16:34:49Z |
Sectigo: Incorrect locality information | 1714193 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:19Z | 2021-06-02T20:05:35Z |
Sectigo: Incorrect OCSP responses | 1763203 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:08Z | 2022-04-05T17:53:55Z |
Sectigo: invalid dnsName | 1524730 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:21Z | 2019-02-02T01:44:17Z |
Sectigo: Invalid postalCode field | 1708934 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:20Z | 2021-05-01T21:49:27Z |
Sectigo: Invalid stateOrProvinceName | 1710243 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ov-misissuance] | 2023-02-22T18:25:02Z | 2021-05-08T20:03:45Z |
Sectigo: invalid subject:organizationalUnitName on DV certificates | 1593776 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [dv-misissuance] | 2023-02-22T18:25:22Z | 2019-11-04T18:55:11Z |
Sectigo: Issuance of ECC leaf certificates with non-DER encoded keyUsage | 1796803 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:25:03Z | 2022-10-21T15:24:55Z |
Sectigo: Lack of input validation in stateOrProvinceName | 1645686 | RESOLVED | DUPLICATE | Rich Smith | [ca-compliance] [ev-misissuance] | 2023-02-22T18:24:50Z | 2020-06-14T14:37:40Z |
Sectigo: Late CCADB update after CPS update | 1812336 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [disclosure-failure] | 2023-02-10T16:58:18Z | 2023-01-25T14:55:26Z |
Sectigo: Late revocation for incomplete Subject organizationName | 1818073 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [leaf-revocation-delay] Next update 2023-06-26 | 2023-06-28T16:51:41Z | 2023-02-21T20:12:04Z |
Sectigo: Missing Changelog in CPS | 1545208 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [policy-failure] | 2023-02-22T18:25:23Z | 2019-04-17T19:08:11Z |
Sectigo: Missing registration numbers in EV certificates | 1721271 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:21Z | 2021-07-19T21:45:25Z |
Sectigo: Misspelled city name in localityName field | 1782356 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:22Z | 2022-07-30T13:02:46Z |
Sectigo: Misspellings in stateOrProvince or localityName fields | 1715024 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:23Z | 2021-06-07T13:54:17Z |
Sectigo: Mojibake in certificate Subject fields | 1724458 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:24Z | 2021-08-06T16:57:05Z |
Sectigo: Non-existent hostname in CDP and AIA URLs | 1793787 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [dv-misissuance] | 2023-02-22T18:22:09Z | 2022-10-05T14:14:20Z |
Sectigo: Non-revocation of certificates with subject:organizationalUnitName in DV certificates | 1620561 | RESOLVED | FIXED | Nick France | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:20Z | 2020-03-06T11:47:14Z |
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature | 1741777 | RESOLVED | FIXED | Rob Stradling | [ca-compliance] [ocsp-failure] | 2023-02-22T18:25:04Z | 2021-11-18T02:46:40Z |
Sectigo: Potential audit report delay | 1648593 | RESOLVED | FIXED | Nick France | [ca-compliance] [audit-failure] | 2023-02-22T18:23:21Z | 2020-06-25T20:29:41Z |
Sectigo: potentially invalid organizational validation certificates | 1717046 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-06-17T15:29:48Z |
Sectigo: Reseller ZeroSSL and Private Key Generation | 1699756 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2022-11-14T22:22:57Z | 2021-03-19T16:45:46Z |
Sectigo: S/MIME certificates with (null) string value in subject attributes | 1853987 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] | 2023-10-12T10:22:14Z | 2023-09-19T18:31:06Z |
Sectigo: SC45 DCV Reuse Error | 1756847 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:10Z | 2022-02-23T18:08:18Z |
Sectigo: SMIME issuance with insufficient validation of mailbox authorization or control | 1860299 | RESOLVED | FIXED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] Next update 2023-11-30 | 2023-12-02T18:40:52Z | 2023-10-20T15:58:12Z |
Sectigo: State name in localityName | 1720744 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:25Z | 2021-07-15T16:53:25Z |
Sectigo: Subject field with unvalidated information included in certificates | 1736064 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:26Z | 2021-10-15T16:48:48Z |
Sectigo: test certificates issued from trusted CA | 1712188 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ov-misissuance] | 2023-02-22T18:27:27Z | 2021-05-20T19:03:05Z |
Sectigo: Truncated registration numbers in EV certificates | 1732484 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:29Z | 2021-09-24T19:03:41Z |
Sectigo: Use of forbidden subjectPublicKeyInfo algorithm | 1518553 | RESOLVED | FIXED | Robin Alden | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:25:24Z | 2019-01-08T17:41:10Z |
Sectigo: ZeroSSL: failure to revoke within 24 hours | 1698936 | RESOLVED | FIXED | Tim Callan | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:27:30Z | 2021-03-16T20:06:24Z |
SecureTrust: "Some-State" in stateOrProvinceName | 1551374 | RESOLVED | FIXED | fcorday | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:38Z | 2019-05-14T00:49:17Z |
SecureTrust: 2 certificates with non-DER encoded keyUsage extension | 1776764 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [ca-misissuance] Next update 3-1-2023 | 2023-04-13T19:30:06Z | 2022-06-27T20:16:24Z |
SecureTrust: BR Audit 2019 - matters to be resolved | 1606031 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] audit-finding] | 2023-02-22T18:15:30Z | 2019-12-26T22:20:23Z |
SecureTrust: CPS section 6.1.1.1 number 3 non-compliance event | 1671037 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [policy-failure] | 2023-02-22T18:12:39Z | 2020-10-13T21:18:56Z |
SecureTrust: Delayed revocation of a customer revoke request | 1724485 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:12:40Z | 2021-08-06T18:22:25Z |
SecureTrust: Failure to provide a preliminary report within 24 hours. | 1667799 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [disclosure-failure] | 2023-02-22T18:12:41Z | 2020-09-28T15:14:10Z |
SecureTrust: Inaccurate value in stateOrProvinceName | 1667842 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:42Z | 2020-09-28T17:56:38Z |
SecureTrust: Incorrect OCSP response | 1765800 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:43Z | 2022-04-21T13:55:38Z |
SecureTrust: Invalid localityName | 1720723 | RESOLVED | FIXED | Andrea Holland | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:44Z | 2021-07-15T15:19:07Z |
SecureTrust: Metadata-only field values in 2 certificates | 1646711 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-02-22T18:15:31Z | 2020-06-18T12:18:35Z |
SecureTrust: Unconstrained ICA not included in WTBR audit report | 1600844 | RESOLVED | FIXED | Corey Bonnell | [ca-compliance] [audit-failure] | 2023-02-22T18:15:32Z | 2019-12-03T01:24:16Z |
SecureTrust: Unvalidated domain in certificate | 1546776 | RESOLVED | FIXED | fcorday | [ca-compliance] [ov-misissuance] | 2023-02-22T18:17:37Z | 2019-04-24T19:20:29Z |
Sertifitseerimiskeskuse: Non-BR-Compliant OCSP Responders | 1398233 | RESOLVED | FIXED | Mihkel Tammsalu | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:52Z | 2017-09-08T17:17:00Z |
SHECA: CRLs not downloading | 1855997 | RESOLVED | FIXED | jasmine.tang | [ca-compliance] [crl-failure] [external] Next update 2023-11-02 | 2023-11-22T16:21:42Z | 2023-09-29T15:43:40Z |
SHECA: Delayed revocation of intermediate CA certificates | 1814288 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ca-revocation-delay] | 2023-04-07T15:31:30Z | 2023-01-31T22:54:30Z |
SHECA: Failure to Respond to April 2023 Survey | 1838866 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [disclosure-failure] | 2023-09-29T15:32:20Z | 2023-06-16T13:15:02Z |
SHECA: Failure to revoke within 5 days | 1856503 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [leaf-revocation-delay] | 2023-10-19T15:38:33Z | 2023-10-03T01:23:53Z |
SHECA: Failure to Submit Annual CCADB Self Assessment | 1844799 | RESOLVED | FIXED | jasmine.tang | [ca-compliance] [disclosure-failure] | 2023-10-12T10:23:09Z | 2023-07-21T15:03:49Z |
SHECA: Issuance of test certificates | 1859694 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2023-11-29T22:25:52Z | 2023-10-18T02:54:53Z |
SHECA: Non-compliant Subject Fields problem in OV TLS certificate | 1839105 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ov-misissuance] | 2023-11-29T22:28:00Z | 2023-06-19T02:53:30Z |
SHECA: organizationName problems in OV and EV TLS certificates | 1815527 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ov-misissuance][ev-misissuance] | 2023-11-29T22:28:15Z | 2023-02-07T19:11:58Z |
SHECA: Outdated Organizational Units (OUs) problems in OV TLS certificates | 1838765 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ov-misissuance] | 2023-11-29T22:27:38Z | 2023-06-16T02:32:36Z |
SHECA: UniTrust: EV certificate with wrong Registry Country Name | 1798626 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ev-misissuance] | 2023-11-29T22:28:29Z | 2022-11-02T07:26:52Z |
SHECA: UniTrust: Improper DER results in failure to comply with RFC 5280 - Encoded sequence component with default value | 1735908 | RESOLVED | FIXED | chenxiaotong | [ca-compliance] [ca-misissuance] | 2023-11-29T22:28:42Z | 2021-10-14T21:23:38Z |
SK ID Solutions: Audit Letter Validation failures on intermediate certificates | 1614449 | RESOLVED | FIXED | Kristel Rünnimeri | [ca-compliance] [audit-failure] | 2023-02-22T18:21:07Z | 2020-02-10T19:47:41Z |
SK ID Solutions: Incorrect OCSP Delegated Responder Certificate | 1649942 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ocsp-failure] | 2023-02-22T18:21:26Z | 2020-07-02T01:31:11Z |
SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl | 1548720 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [crl-failure] | 2023-02-22T18:26:50Z | 2019-05-03T00:11:35Z |
SSL.com: Delayed revocation of 53 certificates affected by bug #1750631 | 1752636 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:26:52Z | 2022-01-28T22:29:40Z |
SSL.com: Delayed revocation of certificate with weak key | 1800753 | RESOLVED | WONTFIX | Thomas Zermeno | [ca-compliance] [leaf-revocation-delay] | 2023-07-21T16:04:41Z | 2022-11-15T21:39:50Z |
SSL.com: Expired CRLs | 1550576 | RESOLVED | INVALID | Chris Kemmerer | [ca-compliance] Expired CRLs | 2022-11-14T22:22:57Z | 2019-05-09T19:44:25Z |
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels | 1724520 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [dv-misissuance] | 2023-02-22T18:26:52Z | 2021-08-06T21:36:16Z |
SSL.com: Insufficient serial number entropy | 1534147 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] [ca-misissuance] [ev-misissuance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:22:30Z | 2019-03-10T19:05:43Z |
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate | 1666872 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [ov-misissuance] | 2023-02-22T18:26:53Z | 2020-09-23T17:56:42Z |
SSL.com: Intermediate certificate not listed in audit reports | 1610000 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [audit-failure] | 2023-02-22T18:26:55Z | 2020-01-17T19:04:23Z |
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list. | 1790693 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [ev-misissuance] | 2023-03-24T16:11:39Z | 2022-09-13T19:44:46Z |
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information | 1722089 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:56Z | 2021-07-23T21:02:56Z |
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value | 1719916 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [ev-misissuance] | 2023-02-22T18:26:57Z | 2021-07-09T19:50:31Z |
SSL.com: Issuance of TLS certificates with validation methods prohibited by SC-45 | 1750631 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [dv-misissuance] | 2023-02-22T18:26:58Z | 2022-01-17T20:21:06Z |
SSL.com: Issued precertificate with Debian Weak Key | 1620772 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [dv-misissuance] | 2023-02-22T18:26:59Z | 2020-03-07T14:06:55Z |
SSL.com: P-384 curve / ecdsa-with-SHA256 certificates | 1534145 | RESOLVED | FIXED | Fotis Loukos | [ca-compliance] [ca-misissuance] [ev-misissuance] [ov-misissuance] [dv-misissuance] [ocsp-failure] | 2023-02-22T18:22:31Z | 2019-03-10T19:01:20Z |
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown" | 1579509 | RESOLVED | INVALID | Thomas Zermeno | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-09-06T19:46:35Z |
SSL.com: S/MIME certificates issued prior to validation | 1850171 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [smime-misissuance] | 2023-09-29T15:36:14Z | 2023-08-25T19:54:01Z |
SSL.com: Wildcard DV certificate issued with a non-validated domain name | 1678720 | RESOLVED | FIXED | Thomas Zermeno | [ca-compliance] [dv-misissuance] | 2023-02-22T18:27:00Z | 2020-11-20T20:49:10Z |
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant Certificate Issuance | 1391864 | RESOLVED | FIXED | Mark Janssen | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:02Z | 2017-08-19T00:07:39Z |
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders | 1398251 | RESOLVED | FIXED | Mark Janssen | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:03Z | 2017-09-08T17:54:56Z |
Startcom CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone | 1409859 | RESOLVED | INVALID | Iñigo | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-10-18T19:59:35Z |
StartCom: 'un-revoking' intermediate certificates | 1369342 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [uncategorized] | 2023-02-22T18:21:28Z | 2017-06-01T11:12:19Z |
StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record | 1409760 | RESOLVED | WONTFIX | Iñigo | [ca-compliance] | 2022-11-14T22:22:57Z | 2017-10-18T14:52:31Z |
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values | 1369359 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:29Z | 2017-06-01T13:06:12Z |
StartCom: Non-BR-Compliant Certificate Issuance -- adding Certnomis intermediates to OneCRL | 1386894 | RESOLVED | DUPLICATE | Kathleen Wilson | [ca-compliance] [ev-misissuance] [dv-misissuance] | 2023-02-22T18:21:30Z | 2017-08-03T00:03:01Z |
Swisscom: certificates without DNS names in subjectAltName | 1195115 | RESOLVED | WONTFIX | H-P Waldegger | [ca-compliance] | 2022-11-14T22:22:57Z | 2015-08-16T14:58:11Z |
Swisscom: Missing Audits for Unconstrained Intermediate Certificates | 1464286 | RESOLVED | FIXED | H-P Waldegger | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:33Z | 2018-05-25T00:51:26Z |
SwissSign: 'c/o' in streetAddress of EV certificate | 1798316 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:32Z | 2022-10-31T13:59:04Z |
SwissSign: "Some-State" in stateOrProvinceName | 1551364 | RESOLVED | FIXED | Timo Schmitt | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:32Z | 2019-05-14T00:23:18Z |
SwissSign: Audit Letter Validation failures on intermediate certificates | 1614450 | RESOLVED | WORKSFORME | Nathalie Weiler | [ca-compliance] | 2022-11-14T22:22:57Z | 2020-02-10T19:49:22Z |
SwissSign: BRs require full annual audits | 1374381 | RESOLVED | FIXED | Reinhard Dietrich | [ca-compliance] [audit-failure] | 2023-02-22T18:24:44Z | 2017-06-19T19:01:39Z |
SwissSign: Cert issued with a to long validity period | 1443731 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] [ov-misissuance] | 2023-02-22T18:20:51Z | 2018-03-07T07:52:56Z |
SwissSign: Cert issued with a to long validity period | 1443733 | RESOLVED | DUPLICATE | Wayne Thayer | [ca-compliance] [ev-misissuance] | 2023-02-22T18:28:34Z | 2018-03-07T08:14:37Z |
SwissSign: Certificate issue with Signature | 1459557 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:20:52Z | 2018-05-07T09:03:07Z |
SwissSign: Certificate with key length 16258 | 1731586 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [uncategorized] | 2023-02-22T18:22:33Z | 2021-09-20T12:42:59Z |
SwissSign: Certificate with key length 4098 bit | 1691704 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:34Z | 2021-02-09T13:32:50Z |
SwissSign: CP/CPS certificate profile issue | 1558552 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:35Z | 2019-06-11T16:36:54Z |
SwissSign: CRL/OCSP revocation time mismatch | 1815466 | RESOLVED | FIXED | Roman Fischer | [ca-compliance] [crl-failure] [ocsp-failure] Next update 2023-04-30 | 2023-04-19T22:25:32Z | 2023-02-07T15:34:55Z |
SwissSign: Delayed revocation for mispellings in Location for a number of Certificates | 1613406 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:22:36Z | 2020-02-05T15:31:09Z |
SwissSign: Domain validated certificate but with stateOrProvinceName | 1473971 | RESOLVED | FIXED | Reinhard Dietrich | [ca-compliance] [dv-misissuance] | 2023-02-22T18:24:46Z | 2018-07-06T17:47:50Z |
SwissSign: duplicate serial number | 1636140 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [dv-misissuance] | 2023-02-22T18:22:37Z | 2020-05-07T14:53:04Z |
SwissSign: duplicate serial number | 1677737 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ev-misissuance] | 2023-02-22T18:22:39Z | 2020-11-17T14:20:44Z |
SwissSign: Error in OrganisationIdentifier in signature/seal certificate | 1541064 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [uncategorized] | 2023-02-22T18:22:40Z | 2019-04-02T14:45:33Z |
SwissSign: EV code in JurisdiktionStateOrProvinceName | 1860750 | RESOLVED | FIXED | raffaela.achermann | [ca-compliance] [ev-misissuance] | 2023-11-08T16:29:05Z | 2023-10-24T09:52:05Z |
SwissSign: EV delayed revocation | 1861682 | RESOLVED | FIXED | Roman Fischer | [ca-compliance] [leaf-revocation-delay] | 2023-12-02T18:41:24Z | 2023-10-27T14:29:27Z |
SwissSign: failure to provide a preliminary report within 24 hours | 1636141 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [disclosure-failure] | 2023-02-22T18:22:41Z | 2020-05-07T14:55:37Z |
SwissSign: Failure to provide a preliminary report within 24 hours. | 1671113 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [disclosure-failure] | 2023-02-22T18:22:42Z | 2020-10-14T09:01:38Z |
SwissSign: Invalid CT data in issued certs (SABRE.CT misconfiguration) | 1825232 | RESOLVED | INVALID | Ben Wilson | [ca-compliance] | 2023-03-31T16:47:58Z | 2023-03-29T10:36:00Z |
SwissSign: Invalid DNSName in SAN | 1428877 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:22:43Z | 2018-01-08T20:42:24Z |
SwissSign: Invalid stateOrProvinceName field | 1670894 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:44Z | 2020-10-13T09:12:33Z |
SwissSign: Mis-Issuance of S/MIME certificates | 1766255 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [uncategorized] | 2023-02-22T18:22:45Z | 2022-04-25T13:41:25Z |
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier | 1506607 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ca-misissuance] | 2023-02-22T18:22:46Z | 2018-11-12T15:12:59Z |
SwissSign: Misissuance of Leaf Certificates because of incorrect postcode | 1569651 | RESOLVED | FIXED | Timo Schmitt | [ca-compliance] [ev-misissuance] | 2023-02-22T18:27:33Z | 2019-07-29T16:14:45Z |
SwissSign: Misissuance with mispellings in Location for a number of Certificates | 1613334 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ov-misissuance] | 2023-02-22T18:22:47Z | 2020-02-05T10:42:24Z |
SwissSign: Missed deadline of publication of 6 CPs and 1 CP/CPS | 1784881 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [disclosure-failure] | 2023-02-22T18:22:49Z | 2022-08-15T13:44:32Z |
SwissSign: Missed revocation and opening Bugzilla | 1849364 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [leaf-revocation-delay] | 2023-09-22T22:44:45Z | 2023-08-18T14:14:27Z |
SwissSign: Non-BR-Compliant Certificate Issuance | 1391066 | RESOLVED | FIXED | Corneia Enke | [ca-compliance] [uncategorized] | 2023-02-22T18:16:04Z | 2017-08-16T21:17:21Z |
SwissSign: OCSP responder unreachable | 1662137 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ocsp-failure] | 2023-02-22T18:22:50Z | 2020-08-31T14:38:21Z |
SwissSign: S/MIME wrong key Usage | 1851164 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [smime-misissuance] | 2023-09-22T22:43:36Z | 2023-09-01T12:33:43Z |
SwissSign: Two certs issued with same issuer and serial number | 1404403 | RESOLVED | FIXED | Corneia Enke | [ca-compliance] [ca-misissuance] | 2023-02-22T18:16:05Z | 2017-09-29T16:14:50Z |
SwissSign: Undisclosed Intermediate Certificates | 1455132 | RESOLVED | FIXED | Juerg.Eiholzer | [ca-compliance] [disclosure-failure] | 2023-02-22T18:20:53Z | 2018-04-18T21:50:00Z |
SwissSign: wrong address in EV certificate | 1734131 | RESOLVED | FIXED | Mike Guenther | [ca-compliance] [ev-misissuance] [ov-misissuance] | 2023-02-22T18:22:51Z | 2021-10-05T11:56:50Z |
Symantec: Mis-issued test certificates by CrossCert | 1334377 | RESOLVED | FIXED | Kathleen Wilson | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:31Z | 2017-01-27T05:32:49Z |
Symantec: Non-audited, non-technically-constrained intermediate cert | 1368178 | RESOLVED | FIXED | Steven Medin | [ca-compliance] [audit-failure] | 2023-02-22T18:26:44Z | 2017-05-26T21:21:36Z |
Symantec: Non-BR-Compliant Certificate Issuance | 1391067 | RESOLVED | FIXED | Steven Medin | [ca-compliance] [ov-misissuance] [disclosure-failure] | 2023-02-22T18:26:45Z | 2017-08-16T21:21:02Z |
T-Systems / DFN-PKI: 40 OV certificates with wrong ST | 1534580 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:48Z | 2019-03-12T11:46:24Z |
T-Systems / DFN-PKI: 42 certificates with RSA modulus size in bits not divisable by 8 | 1651132 | RESOLVED | FIXED | Jürgen Brauckmann | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:49Z | 2020-07-07T17:04:37Z |
T-Systems / DFN-PKI: cablint findings, follow up to T-Systems Bug 1391074 | 1401486 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:40Z | 2017-09-20T09:36:35Z |
T-Systems: "Internet Widgits Pty Ltd" in organizationName | 1638898 | RESOLVED | DUPLICATE | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:50Z | 2020-05-18T17:07:18Z |
T-Systems: "Some-State" comparable issues | 1567456 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:51Z | 2019-07-19T13:04:19Z |
T-Systems: "Some-State" in stateOrProvinceName | 1551371 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:52Z | 2019-05-14T00:43:16Z |
T-Systems: DFN-PKI - Non-IDNA 2003 IDNs, violation of RFC 5280 | 1522080 | RESOLVED | INVALID | Jürgen Brauckmann | [ca-compliance] | 2022-11-14T22:22:57Z | 2019-01-23T12:35:13Z |
T-Systems: Improperly encoded QCStatements extension | 1498463 | RESOLVED | FIXED | Bernd | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:41Z | 2018-10-12T04:15:04Z |
T-Systems: Incorrect OCSP Delegated Responder Certificate | 1649941 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ocsp-failure] | 2023-02-22T18:12:53Z | 2020-07-02T01:22:38Z |
T-Systems: Insufficient serial number entropy | 1536082 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [uncategorized] | 2023-02-22T18:12:54Z | 2019-03-18T13:06:22Z |
T-Systems: Invalid SAN Entries | 1530718 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:55Z | 2019-02-26T16:21:19Z |
T-Systems: Issue with Organization field | 1578417 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:56Z | 2019-09-03T14:46:23Z |
T-Systems: Non-BR-Compliant Certificate Issuance | 1391074 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] [ov-misissuance] | 2023-02-22T18:21:38Z | 2017-08-16T21:40:58Z |
T-Systems: Non-BR-Compliant OCSP Responders | 1426009 | RESOLVED | FIXED | Lothar Eickholt | [ca-compliance] [ocsp-failure] | 2023-02-22T18:21:39Z | 2017-12-18T23:59:34Z |
T-Systems: Undisclosed Intermediate certificate | 1455137 | RESOLVED | FIXED | Bernd | [ca-compliance] [disclosure-failure] | 2023-02-22T18:13:42Z | 2018-04-18T22:09:47Z |
Taiwan-CA: Invalid SAN Entries | 1535869 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:35Z | 2019-03-16T23:11:28Z |
Taiwan-CA: Invalid stateOrProvinceName | 1709070 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:36Z | 2021-05-03T12:15:19Z |
Taiwan-CA: Misissued certificate: Invalid organizationUnitName | 1629020 | RESOLVED | FIXED | Hao-Chun Li | [ca-compliance] [ov-misissuance] | 2023-02-22T18:18:37Z | 2020-04-10T11:57:09Z |
Taiwan-CA: Non-BR-Compliant Certificate Issuance | 1391068 | RESOLVED | FIXED | Robin Lin | [ca-compliance] [ev-misissuance] | 2023-02-22T18:25:26Z | 2017-08-16T21:23:39Z |
Telekom Security: Certificate with invalid FQDN | 1711432 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:12:57Z | 2021-05-17T09:38:39Z |
Telekom Security: Improper use of a domain validation method | 1825780 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] Next update 2023-04-21 | 2023-07-05T19:37:15Z | 2023-03-31T13:29:21Z |
Telekom Security: CRL also contained unrevoked certificates | 1655698 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [crl-failure] | 2023-02-22T18:12:58Z | 2020-07-28T10:00:29Z |
Telekom Security: Delayed Revocations of Sub-CA certificates | 1651487 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ca-revocation-delay] | 2023-02-22T18:12:59Z | 2020-07-08T20:42:53Z |
Telekom Security: Finding in 2020 ETSI-Audit regarding weekly review of changes to configurations | 1651611 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [audit-finding] | 2023-02-22T18:13:00Z | 2020-07-09T08:26:50Z |
Telekom Security: Key Encipherment in two ECC SAN TLS certificates | 1703528 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:01Z | 2021-04-07T12:44:43Z |
Telekom Security: Multiple commonName in certificates | 1705791 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ov-misissuance] | 2023-02-22T18:13:02Z | 2021-04-16T17:48:04Z |
Telekom Security: Wrong jurisdiction entries in certificates | 1675314 | RESOLVED | FIXED | Arnold Essing | [ca-compliance] [ev-misissuance] | 2023-02-22T18:13:03Z | 2020-11-04T16:47:22Z |
Telia CA: Findings in 2023 Audit | 1841247 | RESOLVED | FIXED | Antti Backman | [ca-compliance] [audit-finding] | 2023-09-29T15:35:04Z | 2023-06-30T10:41:50Z |
Telia: Misissued certificate - wrong OrganizationName value "Hair 8 Brains" | 1828105 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-06-30T16:29:21Z | 2023-04-14T12:50:32Z |
Telia: "Some-State" in stateOrProvinceName | 1551372 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:49Z | 2019-05-14T00:45:02Z |
Telia: AIA CA Issuer field pointing to PEM encoded cert | 1637854 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:43Z | 2020-05-14T05:53:43Z |
Telia: Ambiguity on KeyUsage with ECC public key | 1612332 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:44Z | 2020-01-30T13:32:41Z |
Telia: Certificates with RSA keys where modulus is not divisible by 8 | 1674536 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2023-02-22T18:23:45Z | 2020-10-31T08:29:31Z |
Telia: Delayed revocation of 5 EE certificates in connection to id=1736020 | 1737808 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [leaf-revocation-delay] | 2023-02-22T18:23:46Z | 2021-10-26T13:36:32Z |
Telia: Disallowed curve (P-521) in leaf certificate | 1689589 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [dv-misissuance] | 2023-02-22T18:23:50Z | 2021-01-29T11:34:23Z |
Telia: Failure to disclose Unconstrained Intermediate within 7 Days | 1563575 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [disclosure-failure] | 2023-02-22T18:23:51Z | 2019-07-04T17:41:05Z |
Telia: Invalid email contact address was used for few domains | 1736020 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:47Z | 2021-10-15T12:50:05Z |
Telia: invalid IP value in SAN DNS field | 1524567 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:52Z | 2019-02-01T13:47:36Z |
Telia: Issued three precertificates with non-NIST EC curve | 1738207 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:48Z | 2021-10-28T08:30:39Z |
Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field | 1528259 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:53Z | 2019-02-15T14:57:47Z |
Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) | 1528261 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:54Z | 2019-02-15T15:03:03Z |
Telia: Misissued certificate - invalid dnsName | 1524050 | RESOLVED | FIXED | pekka.lahtiharju | [ca-compliance] [ov-misissuance] | 2023-02-22T18:23:55Z | 2019-01-30T20:58:02Z |