CA/Incident Dashboard
Open CA Bugs in Bugzilla
There are three separate lists of open compliance bugs below:
- Compliance bugs (not including audit delays or leaf revocation delays)
- Audit Delays
- Leaf Revocation Delays
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or a CA/Browser Forum requirement, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=CA+Program&component=CA+Certificate+Compliance&version=other
- Whiteboard = [ca-compliance]
- If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|
Actalis: missing CCADB disclosure for new SubCA | 1982646 | ASSIGNED | Nicolò Papi | [ca-compliance] [disclosure-failure] | 2025-10-10T12:39:27Z | 2025-08-12T15:34:24Z |
DigiCert: Re-use of WHOIS validation shortly after deadline | 1978163 | ASSIGNED | DigiCert | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2025-10-15T15:52:21Z | 2025-07-18T21:01:12Z |
Financijska agencija (Fina): Mis-issued certificates | 1986968 | ASSIGNED | miroslav.perincic | [ca-compliance] [dv-misissuance] | 2025-09-28T18:33:14Z | 2025-09-04T16:47:06Z |
FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | 1963778 | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] Next update 2025-10-15 | 2025-10-15T11:44:19Z | 2025-05-01T08:21:00Z |
Google Trust Services: Missing authorization audit log entry for certificate issuance | 1979457 | ASSIGNED | Google Trust Services | [close on 2025-10-20] [ca-compliance] [policy-failure] | 2025-10-14T16:40:10Z | 2025-07-25T21:06:01Z |
IdenTrust: ICA with invalid CDP | 1991215 | ASSIGNED | IdenTrust | [ca-compliance] [ca-misissuance] | 2025-10-15T13:44:10Z | 2025-09-26T20:20:59Z |
IdenTrust: TLS self audit testing below 3% | 1991558 | ASSIGNED | IdenTrust | [ca-compliance] [policy-failure] | 2025-10-14T20:47:33Z | 2025-09-29T23:04:25Z |
IZENPE: Failed to respond a Certificate Problem Report within 24 hours and create a preliminary report in 72 hours | 1985466 | ASSIGNED | David | [ca-compliance] [policy-failure] | 2025-09-30T14:35:16Z | 2025-08-27T07:53:12Z |
IZENPE: IssuingDistributionPoint extension in CRLs not marked as Critical | 1976256 | ASSIGNED | Toni Sáez | [ca-compliance] [crl-failure] | 2025-09-30T14:27:29Z | 2025-07-08T15:19:58Z |
Microsoft PKI Services: End Entity Certificate Mis-issuance against CPS (BasicConstraints) | 1979475 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] [ov-misissuance] | 2025-10-10T18:49:01Z | 2025-07-26T00:21:43Z |
Microsoft PKI Services: Policy document bug | 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-10-10T18:47:38Z | 2025-04-26T02:10:29Z |
Microsoft: improper disclosure of CRL | 1990801 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [crl-failure] | 2025-10-15T13:25:42Z | 2025-09-25T12:48:12Z |
PKIoverheid: TSP Cleverbase Findings in 2025 ETSI Audit - Incident Report #1 – Incorrect issuer CA listed in CPS | 1985816 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-09-04T12:43:36Z | 2025-08-28T15:39:28Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #1 – Security Handbook | 1983256 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:39:22Z | 2025-08-15T13:34:25Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review | 1983270 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:06:55Z | 2025-08-15T14:12:58Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #11 – Anti-Malware Software | 1983271 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:09:46Z | 2025-08-15T14:14:13Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #12 – Outdated Software | 1983272 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:12:59Z | 2025-08-15T14:15:10Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #13 – Restore Test | 1983273 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:15:07Z | 2025-08-15T14:16:22Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #14 – Back-up | 1983274 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:23:21Z | 2025-08-15T14:17:35Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #15 – Outdated Software | 1983275 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:24:52Z | 2025-08-15T14:18:19Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #16 – EJBCA Configuration | 1983276 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:26:42Z | 2025-08-15T14:19:07Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #2 – Compliance Management | 1983262 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:40:28Z | 2025-08-15T14:03:50Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit | 1983263 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:42:49Z | 2025-08-15T14:05:23Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #4 –Training | 1983264 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:45:43Z | 2025-08-15T14:06:17Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #5 – CMDB | 1983265 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:48:25Z | 2025-08-15T14:07:17Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #6 – Security Incident Procedure | 1983266 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T15:54:15Z | 2025-08-15T14:08:50Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management | 1983267 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:00:03Z | 2025-08-15T14:09:40Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #8 – Logical Access | 1983268 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:02:53Z | 2025-08-15T14:10:43Z |
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #9 – Lifecycle Management | 1983269 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2025-10-09T16:04:09Z | 2025-08-15T14:11:31Z |
SECOM: No updated CRLs published for Cybertrust Japan SureMail CA G4 | 1986911 | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [close on 2025-10-20] [ca-compliance] [crl-failure] | 2025-10-10T15:38:20Z | 2025-09-04T13:23:34Z |
Sectigo: OCSP, caIssuers, and CRL endpoints unavailable for a single Subordinate CA | 1991196 | ASSIGNED | incident-response | [ca-compliance] [ocsp-failure] [crl-failure] [policy-failure] Next update 2025-10-30 | 2025-10-14T08:44:38Z | 2025-09-26T19:14:13Z |
SHECA: TLS certificate key generation online | 1993357 | ASSIGNED | SHECA | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2025-10-14T22:52:50Z | 2025-10-08T19:46:26Z |
SwissSign: recommendation on backup testing | 1990272 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:25Z | 2025-09-23T17:06:29Z |
SwissSign: recommendation on BIA/BCP review | 1990263 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:37Z | 2025-09-23T16:53:15Z |
SwissSign: recommendation on BIA/BCP test coverage | 1990266 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:53Z | 2025-09-23T16:55:40Z |
SwissSign: recommendation on CA-specific risk assessment | 1990277 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:39:18Z | 2025-09-23T17:08:41Z |
SwissSign: recommendation on document release dual control | 1990269 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:34:10Z | 2025-09-23T17:03:05Z |
SwissSign: recommendation on evaluation of cloud service providers | 1990276 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:37:17Z | 2025-09-23T17:08:11Z |
SwissSign: recommendation on firewall review | 1990271 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:06Z | 2025-09-23T17:05:31Z |
SwissSign: recommendation on linting software updates | 1990282 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T09:22:19Z | 2025-09-23T17:12:55Z |
SwissSign: recommendation on log review process | 1990285 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:40:13Z | 2025-09-23T17:14:00Z |
SwissSign: recommendation on publication process for CA related data | 1990275 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:56Z | 2025-09-23T17:07:40Z |
SwissSign: recommendation on review of key pair generation implementation | 1990284 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:40:00Z | 2025-09-23T17:13:29Z |
SwissSign: recommendation on risk assessment | 1990254 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:33:18Z | 2025-09-23T16:08:48Z |
SwissSign: recommendation on self-assessment tool | 1990281 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:39:37Z | 2025-09-23T17:12:19Z |
SwissSign: recommendation on synchronization of staging and production environments | 1990274 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] | 2025-10-13T11:36:41Z | 2025-09-23T17:07:10Z |
TunTrust: Issue with Valid test Certificate | 1988405 | ASSIGNED | Agence Nationale de Certification Electronique | [close on 2025-10-20] [ca-compliance] [policy-failure] | 2025-10-10T15:39:37Z | 2025-09-13T17:05:34Z |
47 Total; 47 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Audit Delays
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.
- Whiteboard = [ca-compliance][audit-delay]
- For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Revocation Delays
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|
[meta] Delayed Revocation | 1911183 | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z | 2024-08-01T20:05:04Z |
Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | 1965612 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-10-13T20:51:22Z | 2025-05-10T01:34:01Z |
SHECA: Delayed revocation of TLS certificates affected by bug #1993357 | 1994051 | ASSIGNED | SHECA | [ca-compliance] [leaf-revocation-delay] | 2025-10-15T18:22:50Z | 2025-10-13T18:23:58Z |
VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | 1885568 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] | 2025-09-10T01:25:15Z | 2024-03-15T16:20:17Z |
4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: