CA/Incident Dashboard
From MozillaWiki
< CA
Contents
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1456655 | DigiCert / ABB: Issues with DN, country code and keyUsage | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-07-15T23:50:48Z |
| 1462423 | NetLock: CN not in SAN | ASSIGNED | Varga Viktor | [ca-compliance] Next Update - 1-June-2019 | 2019-07-17T15:08:04Z |
| 1463975 | GRCA: Misissued certificates: Invalid commonName, commonName not in SAN | ASSIGNED | National Development Council | [ca-compliance] | 2019-07-15T17:00:21Z |
| 1468477 | QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage | ASSIGNED | Stephen Davidson | [ca-compliance] Next Update - 01-January 2020 | 2019-07-11T16:33:16Z |
| 1492006 | Sectigo: Failure to revoke within 24 hours | ASSIGNED | Robin Alden | [ca-compliance] - Next Update - 01-August 2019 | 2019-07-19T15:05:09Z |
| 1495497 | KIR S.A.: Certificates issued with multiple BR violations | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2019-07-11T16:33:20Z |
| 1496616 | Consorci: Qualified audit statements | ASSIGNED | Francesc Ferrer | [ca-compliance] Next Update - 01-January 2020 | 2019-07-11T16:33:23Z |
| 1502957 | Camerfirma: MULTICERT Misissuance and missing audits | ASSIGNED | Juan Angel Martin | [ca-compliance] - Next Update - 07-March 2019 | 2019-07-11T16:33:25Z |
| 1518553 | Sectigo: Use of forbidden subjectPublicKeyInfo algorithm | ASSIGNED | Robin Alden | [ca-compliance] | 2019-07-19T18:10:48Z |
| 1520299 | Hongkong Post / Certizen: Failure to report misissuance | ASSIGNED | Man Ho | [ca-compliance] | 2019-07-16T14:42:50Z |
| 1523186 | KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days | ASSIGNED | Piotr Grabowski | [ca-compliance] - Next Update - 03-March 2019 | 2019-07-11T16:33:30Z |
| 1523221 | GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions | ASSIGNED | National Development Council | [ca-compliance] | 2019-07-11T16:33:31Z |
| 1524730 | Sectigo: invalid dnsName | ASSIGNED | Robin Alden | [ca-compliance] | 2019-07-19T15:06:20Z |
| 1524733 | CFCA: invalid dnsNames | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-07-11T16:33:34Z |
| 1524815 | GoDaddy: failure to revoke underscores | ASSIGNED | Joanna | [ca-compliance] | 2019-07-22T13:49:31Z |
| 1524871 | Camerfirma: failure to revoke underscores | ASSIGNED | Eusebio Herrera | [ca-compliance] - 15-August 2019 | 2019-07-11T16:33:37Z |
| 1528259 | Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-07-11T16:33:40Z |
| 1528261 | Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-07-11T16:33:42Z |
| 1530718 | T-Systems: Invalid SAN Entries | ASSIGNED | Arnold Essing | [ca-compliance] | 2019-07-11T16:33:44Z |
| 1532105 | SECOM: CrossTrust: OU > 64 characters | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2019-07-19T10:19:31Z |
| 1532113 | CFCA: O > 64 characters | ASSIGNED | Oliver Bi | [ca-compliance] - Next Update - 01-August 2019 | 2019-07-16T18:27:36Z |
| 1532333 | Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-07-19T21:06:47Z |
| 1532436 | Chunghwa Telecom: Test certificate with unregistered domain name | ASSIGNED | Li-Chun CHEN | [ca-compliance] - 14-October 2019 | 2019-07-15T15:12:07Z |
| 1532559 | CFCA: Wrong SerialNumber encoding | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-07-19T04:08:48Z |
| 1533774 | GoDaddy: Insufficient serial number entropy | ASSIGNED | Joanna | [ca-compliance] | 2019-07-22T13:45:43Z |
| 1534295 | Actalis: Insufficient serial number entropy | ASSIGNED | ADRIANO SANTONI | [ca-compliance] - Next Update - 27-July 2019 | 2019-07-23T13:06:15Z |
| 1534429 | Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy | ASSIGNED | ca.forum | [ca-compliance] - Next Update - 01-July 2019 | 2019-07-15T17:21:12Z |
| 1534580 | DFN-PKI: 40 OV certificates with wrong ST | ASSIGNED | Jürgen Brauckmann | [ca-compliance] - Next Update - 03-August 2019 | 2019-07-23T17:30:12Z |
| 1535871 | PKIoverheid: KPN Insufficient Serial Number Entropy | ASSIGNED | Jochem van den Berge | [ca-compliance] | 2019-07-23T14:53:27Z |
| 1536082 | T-Systems: Insufficient serial number entropy | ASSIGNED | Arnold Essing | [ca-compliance] | 2019-07-11T16:36:45Z |
| 1538638 | Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy | ASSIGNED | chemalogo | [ca-compliance] | 2019-07-22T18:51:11Z |
| 1542082 | Identrust: Failure to disclose Unconstrained intermediate Within 7 Days | ASSIGNED | roots | [ca-compliance] | 2019-07-11T16:36:48Z |
| 1544586 | Government of Spain FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. | ASSIGNED | alain | [ca-compliance] | 2019-07-11T16:36:49Z |
| 1544712 | SECOM: certificate for which “OU=-” | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2019-07-18T08:46:01Z |
| 1545208 | Sectigo: Missing Changelog in CPS | ASSIGNED | Robin Alden | [ca-compliance] - Next Update - 20-July 2019 | 2019-07-19T19:36:59Z |
| 1546253 | GDCA: Authentication of Organization Identity Failure for an OV Certificate | ASSIGNED | capoc | [ca-compliance] | 2019-07-11T16:36:54Z |
| 1546776 | SecureTrust: Unvalidated domain in certificate | ASSIGNED | fcorday | [ca-compliance] | 2019-07-11T16:36:55Z |
| 1547691 | GlobalSign: AT&T SSL certificates without the AIA extension | ASSIGNED | douglas.beattie | [ca-compliance] - Next Update - 01-August 2019 | 2019-07-11T16:36:56Z |
| 1548713 | Sectigo: "Default City" in Subject:localityName | ASSIGNED | Robin Alden | [ca-compliance] | 2019-07-19T19:22:51Z |
| 1548714 | SECOM: "Default City" in Subject:localityName | ASSIGNED | Hisashi Kamo | [ca-compliance] - Next Update - 01-July 2019 | 2019-07-11T16:36:57Z |
| 1548719 | DigiCert: Revoked intermediate certificates not in CRL | ASSIGNED | Stephen Davidson | [ca-compliance] | 2019-07-11T16:37:02Z |
| 1549861 | Camerfirma: Outdated audit statements for intermediate certs | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-07-11T16:37:04Z |
| 1549862 | Entrust: Outdated audit statement for intermediate cert | ASSIGNED | Bruce Morton | [ca-compliance] | 2019-07-11T16:37:05Z |
| 1550645 | Digicert: CAA Checking Issue | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-07-17T15:02:57Z |
| 1551362 | Sectigo: "Some-State" in stateOrProvinceName | ASSIGNED | Robin Alden | [ca-compliance] - Next Update - 31-July 2019 | 2019-07-19T15:07:12Z |
| 1551363 | DigiCert: "Some-State" in stateOrProvinceName | ASSIGNED | Brenda Bernal | [ca-compliance] Next Update - 01-September 2019 | 2019-07-17T15:28:17Z |
| 1551372 | Telia: "Some-State" in stateOrProvinceName | ASSIGNED | pekka.lahtiharju | [ca-compliance] - Next Update - 01-October 2019 | 2019-07-11T16:37:09Z |
| 1551374 | SecureTrust: "Some-State" in stateOrProvinceName | ASSIGNED | fcorday | [ca-compliance] | 2019-07-11T16:37:11Z |
| 1551375 | certSIGN: "Some-State" in stateOrProvinceName | ASSIGNED | Cristian Garabet | [ca-compliance] Next Update - 25-July 2019 | 2019-07-11T16:37:12Z |
| 1552586 | GlobalSign: 4 Misissued certificates with invalid CN | ASSIGNED | douglas.beattie | [ca-compliance] | 2019-07-11T16:37:13Z |
| 1554259 | GlobalSign: SPKI lacks explicit NULL parameter, | ASSIGNED | douglas.beattie | [ca-compliance] | 2019-07-17T15:04:34Z |
| 1556806 | Camerfirma: Inforcert misissued certificates | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-07-23T17:12:28Z |
| 1556906 | DigiCert: Apple: Non-compliant Common Name Length | ASSIGNED | certification_authority | [ca-compliance] - Next Update - 01-August 2019 | 2019-07-17T15:29:37Z |
| 1556948 | DigiCert Validation Scope Incident | ASSIGNED | Jeremy Rowley | [ca-compliance] Next Update - 01-October 2019 | 2019-07-17T15:31:08Z |
| 1557085 | Camerfirma: Intesa Sanpaolo misissued certificates | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-07-15T17:33:22Z |
| 1558552 | SwissSign: CP/CPS certificate profile issue | ASSIGNED | Mike Guenther | [ca-compliance] Next Update - 23-July 2019 | 2019-07-23T14:58:18Z |
| 1559376 | Entrust: Certificate Issued with Incorrect Country Code | ASSIGNED | Dathan Demone | [ca-compliance] | 2019-07-11T16:37:29Z |
| 1559765 | Izenpe: Multiple invalid EV certificates issued | ASSIGNED | o-garcia | [ca-compliance] - Next Update - 01-December 2019 | 2019-07-17T07:24:51Z |
| 1561013 | Entrust: Certificate issued with validity greater than 825-days | ASSIGNED | Bruce Morton | [ca-compliance] | 2019-07-20T02:22:46Z |
| 1563573 | DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-07-19T17:17:23Z |
| 1563574 | SECOM: Failure to disclose Unconstrained Intermediate within 7 Days | ASSIGNED | Hisashi Kamo | [ca-compliance] - Next Update - 27-July 2019 | 2019-07-23T18:04:32Z |
| 1563579 | Sectigo: Failure to provide timely incident reports | ASSIGNED | Robin Alden | [ca-compliance] | 2019-07-19T19:26:31Z |
| 1563772 | D-TRUST: Precertificate OU > 64 Characters | ASSIGNED | Enrico Entschew | [ca-compliance] Next Update - 24-July 2019 | 2019-07-17T15:24:54Z |
| 1563917 | QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17) | ASSIGNED | Stephen Davidson | [ca-compliance] - Next Update - 30-July 2019 | 2019-07-23T08:15:43Z |
| 1565270 | Telia: Qualified BR Audit Statement | ASSIGNED | pekka.lahtiharju | [ca-compliance] Qualified BR Audit | 2019-07-15T17:32:10Z |
| 1565494 | CFCA: Missed CPS update publication on website in 2018 | ASSIGNED | Oliver Bi | [ca-compliance] | 2019-07-15T17:12:21Z |
| 1566162 | DigiCert: Failure to supervise ABB Subordinate CA | ASSIGNED | Jeremy Rowley | [ca-compliance] | 2019-07-17T21:55:48Z |
| 1566580 | LuxTrust: Overdue Audit Statements 2019 | ASSIGNED | Yves Nullens | [ca-compliance] Overdue Audits for root certs | 2019-07-17T20:02:56Z |
| 1566586 | Asseco/Certum: Overdue Audit Statements 2019 | ASSIGNED | Wojciech Trapczyński | [ca-compliance] Overdue Audits for root certs | 2019-07-23T18:02:05Z |
| 1567060 | Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate | ASSIGNED | Robin Alden | [ca-compliance] | 2019-07-22T15:44:11Z |
| 1567061 | GoDaddy / Amazon Trust Services: inconsistent disclosure of externally-operated intermediate | ASSIGNED | Joanna | [ca-compliance] | 2019-07-22T15:44:47Z |
| 1567062 | Asseco / SSL.com: inconsistent disclosure of externally-operated intermediate | ASSIGNED | Wojciech Trapczyński | [ca-compliance] | 2019-07-19T12:23:24Z |
| 1567456 | T-Systems: "Some-State" comparable issues | ASSIGNED | Arnold Essing | [ca-compliance] Next Update - 08-August 2019 | 2019-07-22T15:44:41Z |
| 1567588 | D-TRUST: incorrectly formatted businessCategory entry | ASSIGNED | Enrico Entschew | [ca-compliance] | 2019-07-23T19:14:35Z |
| 1567659 | Entrust: SHA-1 Issuance and other misissuance while testing | ASSIGNED | Bruce Morton | [ca-compliance] | 2019-07-22T15:44:01Z |
75 Total; 75 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here:
