CA/Incident Dashboard
< CA
Jump to navigation
Jump to search
Open CA Bugs in Bugzilla
There are three separate lists of open compliance bugs below:
- Compliance bugs (not including audit delays or leaf revocation delays)
- Audit Delays
- Leaf Revocation Delays
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or a CA/Browser Forum requirement, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=CA+Program&component=CA+Certificate+Compliance&version=other
- Whiteboard = [ca-compliance]
- If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| Actalis: missing CCADB disclosure for new SubCA | 1982646 | ASSIGNED | Nicolò Papi | [ca-compliance] [disclosure-failure] | 2025-10-16T16:29:16Z | 2025-08-12T15:34:24Z |
| DigiCert: Re-use of WHOIS validation shortly after deadline | 1978163 | ASSIGNED | DigiCert | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2025-10-15T15:52:21Z | 2025-07-18T21:01:12Z |
| Financijska agencija (Fina): Mis-issued certificates | 1986968 | ASSIGNED | miroslav.perincic | [ca-compliance] [dv-misissuance] | 2025-09-28T18:33:14Z | 2025-09-04T16:47:06Z |
| FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | 1963778 | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] Next update 2025-10-31 | 2025-10-16T09:22:09Z | 2025-05-01T08:21:00Z |
| Google Trust Services: Missing authorization audit log entry for certificate issuance | 1979457 | ASSIGNED | Google Trust Services | [close on 2025-10-20] [ca-compliance] [policy-failure] | 2025-10-14T16:40:10Z | 2025-07-25T21:06:01Z |
| IdenTrust: ICA with invalid CDP | 1991215 | ASSIGNED | IdenTrust | [ca-compliance] [ca-misissuance] | 2025-10-15T13:44:10Z | 2025-09-26T20:20:59Z |
| IdenTrust: TLS self audit testing below 3% | 1991558 | ASSIGNED | IdenTrust | [ca-compliance] [policy-failure] | 2025-10-14T20:47:33Z | 2025-09-29T23:04:25Z |
| IZENPE: Failed to respond a Certificate Problem Report within 24 hours and create a preliminary report in 72 hours | 1985466 | ASSIGNED | David | [ca-compliance] [policy-failure] | 2025-09-30T14:35:16Z | 2025-08-27T07:53:12Z |
| IZENPE: IssuingDistributionPoint extension in CRLs not marked as Critical | 1976256 | ASSIGNED | Toni Sáez | [ca-compliance] [crl-failure] | 2025-09-30T14:27:29Z | 2025-07-08T15:19:58Z |
| Microsoft PKI Services: End Entity Certificate Mis-issuance against CPS (BasicConstraints) | 1979475 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] [ov-misissuance] | 2025-10-10T18:49:01Z | 2025-07-26T00:21:43Z |
| Microsoft PKI Services: Policy document bug | 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-10-10T18:47:38Z | 2025-04-26T02:10:29Z |
| Microsoft: improper disclosure of CRL | 1990801 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [crl-failure] | 2025-10-15T13:25:42Z | 2025-09-25T12:48:12Z |
| PKIoverheid: TSP Cleverbase Findings in 2025 ETSI Audit - Incident Report #1 – Incorrect issuer CA listed in CPS | 1985816 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-09-04T12:43:36Z | 2025-08-28T15:39:28Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #1 – Security Handbook | 1983256 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:39:22Z | 2025-08-15T13:34:25Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review | 1983270 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:06:55Z | 2025-08-15T14:12:58Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #11 – Anti-Malware Software | 1983271 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:09:46Z | 2025-08-15T14:14:13Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #12 – Outdated Software | 1983272 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:12:59Z | 2025-08-15T14:15:10Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #13 – Restore Test | 1983273 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:15:07Z | 2025-08-15T14:16:22Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #14 – Back-up | 1983274 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:23:21Z | 2025-08-15T14:17:35Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #15 – Outdated Software | 1983275 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:24:52Z | 2025-08-15T14:18:19Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #16 – EJBCA Configuration | 1983276 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:26:42Z | 2025-08-15T14:19:07Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #2 – Compliance Management | 1983262 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:40:28Z | 2025-08-15T14:03:50Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit | 1983263 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:42:49Z | 2025-08-15T14:05:23Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #4 –Training | 1983264 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:45:43Z | 2025-08-15T14:06:17Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #5 – CMDB | 1983265 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:48:25Z | 2025-08-15T14:07:17Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #6 – Security Incident Procedure | 1983266 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:54:15Z | 2025-08-15T14:08:50Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management | 1983267 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:00:03Z | 2025-08-15T14:09:40Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #8 – Logical Access | 1983268 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:02:53Z | 2025-08-15T14:10:43Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #9 – Lifecycle Management | 1983269 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:04:09Z | 2025-08-15T14:11:31Z |
| SECOM: No updated CRLs published for Cybertrust Japan SureMail CA G4 | 1986911 | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [close on 2025-10-20] [ca-compliance] [crl-failure] | 2025-10-10T15:38:20Z | 2025-09-04T13:23:34Z |
| Sectigo: Failure to reply to Certificate Problem Reports within 24 hours | 1994454 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2025-10-16T09:20:55Z | 2025-10-15T15:41:07Z |
| Sectigo: OCSP, caIssuers, and CRL endpoints unavailable for a single Subordinate CA | 1991196 | ASSIGNED | incident-response | [ca-compliance] [ocsp-failure] [crl-failure] [policy-failure] Next update 2025-10-30 | 2025-10-14T08:44:38Z | 2025-09-26T19:14:13Z |
| SHECA: TLS certificate key generation online | 1993357 | ASSIGNED | SHECA | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2025-10-14T22:52:50Z | 2025-10-08T19:46:26Z |
| SwissSign: recommendation on backup testing | 1990272 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:25Z | 2025-09-23T17:06:29Z |
| SwissSign: recommendation on BIA/BCP review | 1990263 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:37Z | 2025-09-23T16:53:15Z |
| SwissSign: recommendation on BIA/BCP test coverage | 1990266 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:53Z | 2025-09-23T16:55:40Z |
| SwissSign: recommendation on CA-specific risk assessment | 1990277 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:39:18Z | 2025-09-23T17:08:41Z |
| SwissSign: recommendation on document release dual control | 1990269 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:34:10Z | 2025-09-23T17:03:05Z |
| SwissSign: recommendation on evaluation of cloud service providers | 1990276 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:37:17Z | 2025-09-23T17:08:11Z |
| SwissSign: recommendation on firewall review | 1990271 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:06Z | 2025-09-23T17:05:31Z |
| SwissSign: recommendation on linting software updates | 1990282 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T09:22:19Z | 2025-09-23T17:12:55Z |
| SwissSign: recommendation on log review process | 1990285 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:40:13Z | 2025-09-23T17:14:00Z |
| SwissSign: recommendation on publication process for CA related data | 1990275 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:56Z | 2025-09-23T17:07:40Z |
| SwissSign: recommendation on review of key pair generation implementation | 1990284 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:40:00Z | 2025-09-23T17:13:29Z |
| SwissSign: recommendation on risk assessment | 1990254 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:18Z | 2025-09-23T16:08:48Z |
| SwissSign: recommendation on self-assessment tool | 1990281 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:39:37Z | 2025-09-23T17:12:19Z |
| SwissSign: recommendation on synchronization of staging and production environments | 1990274 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:41Z | 2025-09-23T17:07:10Z |
| TunTrust: Issue with Valid test Certificate | 1988405 | ASSIGNED | Agence Nationale de Certification Electronique | [close on 2025-10-20] [ca-compliance] [policy-failure] | 2025-10-10T15:39:37Z | 2025-09-13T17:05:34Z |
48 Total; 48 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Audit Delays
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.
- Whiteboard = [ca-compliance][audit-delay]
- For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Revocation Delays
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| [meta] Delayed Revocation | 1911183 | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z | 2024-08-01T20:05:04Z |
| Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | 1965612 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-10-13T20:51:22Z | 2025-05-10T01:34:01Z |
| SHECA: Delayed revocation of TLS certificates affected by bug #1993357 | 1994051 | ASSIGNED | SHECA | [ca-compliance] [leaf-revocation-delay] | 2025-10-16T16:28:47Z | 2025-10-13T18:23:58Z |
| VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | 1885568 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] | 2025-09-10T01:25:15Z | 2024-03-15T16:20:17Z |
4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: