CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1456655 DigiCert / ABB: Issues with DN, country code and keyUsage ASSIGNED Brenda Bernal [ca-compliance] 2019-09-11T21:12:22Z
1462423 NetLock: CN not in SAN ASSIGNED Varga Viktor [ca-compliance] Next Update - 1-June-2019 2019-08-12T17:47:20Z
1463975 GRCA: Misissued certificates: Invalid commonName, commonName not in SAN ASSIGNED National Development Council [ca-compliance] 2019-08-03T03:49:03Z
1468477 QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage ASSIGNED Stephen Davidson [ca-compliance] Next Update - 01-January 2020 2019-07-11T16:33:16Z
1492006 Sectigo: Failure to revoke within 24 hours ASSIGNED Robin Alden [ca-compliance] - Next Update - 19-August 2019 2019-09-13T13:36:45Z
1495497 KIR S.A.: Certificates issued with multiple BR violations ASSIGNED Piotr Grabowski [ca-compliance] 2019-07-11T16:33:20Z
1496616 Consorci: Qualified audit statements ASSIGNED Francesc Ferrer [ca-compliance] Next Update - 01-January 2020 2019-09-12T08:01:25Z
1502957 Camerfirma: MULTICERT Misissuance and missing audits ASSIGNED Juan Angel Martin [ca-compliance] 2019-09-10T22:23:50Z
1520299 Hongkong Post / Certizen: Failure to report misissuance ASSIGNED Man Ho [ca-compliance] 2019-07-16T14:42:50Z
1523186 KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days ASSIGNED Piotr Grabowski [ca-compliance] - Next Update - 03-March 2019 2019-07-11T16:33:30Z
1523221 GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions ASSIGNED National Development Council [ca-compliance] 2019-07-11T16:33:31Z
1524733 CFCA: invalid dnsNames ASSIGNED Jonathan Sun [ca-compliance] - Next Update - 1-October 2019 2019-08-11T00:26:26Z
1524815 GoDaddy: failure to revoke underscores ASSIGNED Joanna [ca-compliance] 2019-08-23T22:12:16Z
1532113 CFCA: O > 64 characters ASSIGNED Oliver Bi [ca-compliance] - Next Update - 01-August 2019 2019-07-16T18:27:36Z
1532333 Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate ASSIGNED Eusebio Herrera [ca-compliance] 2019-08-27T12:26:47Z
1532436 Chunghwa Telecom: Test certificate with unregistered domain name ASSIGNED Li-Chun CHEN [ca-compliance] - 14-October 2019 2019-07-15T15:12:07Z
1532559 CFCA: Wrong SerialNumber encoding ASSIGNED Jonathan Sun [ca-compliance] 2019-08-27T18:31:17Z
1533774 GoDaddy: Insufficient serial number entropy ASSIGNED Joanna [ca-compliance] 2019-08-03T02:01:17Z
1535871 PKIoverheid: KPN Insufficient Serial Number Entropy ASSIGNED Jochem van den Berge [ca-compliance] 2019-09-05T23:47:54Z
1538638 Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy ASSIGNED chemalogo [ca-compliance] 2019-09-03T07:19:45Z
1545208 Sectigo: Missing Changelog in CPS ASSIGNED Robin Alden [ca-compliance] 2019-08-14T18:09:47Z
1547691 GlobalSign: AT&T SSL certificates without the AIA extension ASSIGNED douglas.beattie [ca-compliance] - Next Update - 22-August 2019 2019-09-04T15:05:41Z
1548713 Sectigo: "Default City" in Subject:localityName ASSIGNED Robin Alden [ca-compliance] 2019-07-19T19:22:51Z
1549861 Camerfirma: Outdated audit statements for intermediate certs ASSIGNED Eusebio Herrera [ca-compliance] 2019-09-10T22:01:28Z
1549862 Entrust: Outdated audit statement for intermediate cert ASSIGNED Bruce Morton [ca-compliance] 2019-09-11T15:22:49Z
1550645 Digicert: CAA Checking Issue ASSIGNED Brenda Bernal [ca-compliance] - Next Update - 01-October 2019 2019-09-05T23:46:41Z
1551362 Sectigo: "Some-State" in stateOrProvinceName ASSIGNED Robin Alden [ca-compliance] - Next Update - 31-July 2019 2019-07-19T15:07:12Z
1551372 Telia: "Some-State" in stateOrProvinceName ASSIGNED pekka.lahtiharju [ca-compliance] - Next Update - 01-October 2019 2019-07-11T16:37:09Z
1556806 Camerfirma: Inforcert misissued certificates ASSIGNED Eusebio Herrera [ca-compliance] - Next Update - 01-October 2019 2019-07-31T22:11:31Z
1556906 DigiCert: Apple: Non-compliant Common Name Length ASSIGNED certification_authority [ca-compliance] - Next Update - 01-September 2019 2019-09-05T23:47:13Z
1556948 DigiCert Validation Scope Incident ASSIGNED Jeremy Rowley [ca-compliance] Next Update - 01-October 2019 2019-09-12T01:36:12Z
1558552 SwissSign: CP/CPS certificate profile issue ASSIGNED Mike Guenther [ca-compliance] - Next Update - 01-September 2019 2019-09-02T14:08:47Z
1559765 Izenpe: Multiple invalid EV certificates issued ASSIGNED o-garcia [ca-compliance] - Next Update - 01-December 2019 2019-07-17T07:24:51Z
1561013 Entrust: Certificate issued with validity greater than 825-days ASSIGNED Bruce Morton [ca-compliance] 2019-07-20T02:22:46Z
1563573 DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days ASSIGNED Brenda Bernal [ca-compliance] 2019-09-13T22:07:18Z
1563574 SECOM: Failure to disclose Unconstrained Intermediate within 7 Days ASSIGNED Hisashi Kamo [ca-compliance] - Next Update - 27-July 2019 2019-08-27T18:22:31Z
1563579 Sectigo: Failure to provide timely incident reports ASSIGNED Robin Alden [ca-compliance] 2019-09-10T15:17:39Z
1563772 D-TRUST: Precertificate OU > 64 Characters ASSIGNED Enrico Entschew [ca-compliance] 2019-08-14T19:03:18Z
1565270 Telia: Qualified BR Audit Statement ASSIGNED pekka.lahtiharju [ca-compliance] - Next Update - 1-October 2019 2019-08-05T18:52:48Z
1566162 DigiCert: Failure to supervise ABB Subordinate CA ASSIGNED Jeremy Rowley [ca-compliance] 2019-09-11T21:12:00Z
1566586 Asseco/Certum: Overdue Audit Statements 2019 ASSIGNED Wojciech Trapczyński [ca-compliance] - Next Update - 01-August 2019 2019-09-06T08:13:51Z
1567060 Sectigo / inconsistent disclosure of externally-operated intermediate ASSIGNED Robin Alden [ca-compliance] 2019-09-13T11:53:10Z
1567061 GoDaddy: inconsistent disclosure of externally-operated intermediate ASSIGNED Joanna [ca-compliance] 2019-09-12T18:03:53Z
1567456 T-Systems: "Some-State" comparable issues ASSIGNED Arnold Essing [ca-compliance] Next Update - 30-November 2019 2019-08-12T12:20:43Z
1567588 D-TRUST: incorrectly formatted businessCategory entry ASSIGNED Enrico Entschew [ca-compliance] Next Update - 01-September 2019 2019-09-11T17:06:32Z
1567659 Entrust: SHA-1 Issuance and other misissuance while testing ASSIGNED Bruce Morton [ca-compliance] 2019-08-15T21:10:38Z
1568356 Trustcor: Incorrect CA-Issuers URI ASSIGNED Neil Dunbar [ca-compliance] 2019-08-29T07:27:21Z
1569651 SwissSign: Misissuance of Leaf Certificates because of incorrect postcode ASSIGNED Timo Schmitt [ca-compliance] 2019-08-27T12:15:45Z
1572234 GoDaddy: cross certificate disclosure to CCADB ASSIGNED Joanna [ca-compliance] 2019-09-10T18:41:45Z
1572638 Actalis: Failure to revoke certs within the BR required timeframe ASSIGNED Giorgio Girelli [ca-compliance] 2019-08-09T16:39:11Z
1572992 Netlock: Failure to provide regular and timely incident updates ASSIGNED Varga Viktor [ca-compliance] 2019-09-04T09:27:38Z
1573490 PKIoverheid: CIBG insufficient serial number entropy ASSIGNED Jorik van 't Hof [ca-compliance] 2019-09-09T14:48:55Z
1573937 DigiCert/Verizon: Qualified 2019 Audit Statements NEW Brenda Bernal [ca-compliance] - Next Update - 20-September 2019 2019-09-12T04:41:43Z
1575022 Sectigo: EV SSL Certificates with incorrect subject details. ASSIGNED Robin Alden [ca-compliance] 2019-09-06T21:36:01Z
1575125 DigiCert: Apple: Unconstrained CAs not included in WTBR report ASSIGNED Wayne Thayer [:wayne] [ca-compliance] 2019-09-12T18:17:01Z
1575530 Camerfirma: Govern d'Andorra audits ASSIGNED Juan Angel Martin [ca-compliance] 2019-09-10T22:52:04Z
1575880 GlobalSign: SSL Certificates with US country code and invalid State/Prov ASSIGNED douglas.beattie [ca-compliance] 2019-09-10T03:59:36Z
1576013 DigiCert JOI Issue ASSIGNED Jeremy Rowley [ca-compliance] Next Update - 10-Sept-2019 2019-09-11T21:11:28Z
1576133 SECOM: Mis-issued EV Certificates ASSIGNED Yuu Hidaka [ca-compliance] 2019-09-13T16:57:39Z
1576283 QuoVadis: N/A in EV serialNumber field ASSIGNED Stephen Davidson [ca-compliance] 2019-09-06T19:29:42Z
1576789 2019.08.20 Let’s Encrypt Incident: Incorrect OCSP responses under certain conditions ASSIGNED Josh Aas [ca-compliance] 2019-08-27T16:22:35Z
1577014 DigiCert OCSP services returns 1 byte ASSIGNED Jeremy Rowley [ca-compliance] 2019-09-12T04:37:51Z
1577652 Let's Encrypt OCSP Responder Returned "Unauthorized" for Some Precertificates ASSIGNED Jacob Hoffman-Andrews [ca-compliance] 2019-09-13T22:15:27Z
1577913 GoDaddy: Issues with State and Country fields ASSIGNED Joanna [ca-compliance] 2019-09-13T16:00:19Z
1578417 T-Systems: Issue with Organization field ASSIGNED Arnold Essing [ca-compliance] - Next Update - 11-October 2019 2019-09-10T15:50:02Z
1578505 LuxTrust: Outdated audit statement for intermediate cert NEW Yves Nullens [ca-compliance] - Overdue Audit for intermediate cert 2019-09-05T10:41:52Z
1578809 PKIoverheid: Compliance issues CIBG TLS certificates ASSIGNED Jochem van den Berge [ca-compliance] 2019-09-04T17:40:02Z
1579299 Asseco/Certum: non-audited intermediate certificate NEW Aleksandra Kapinos [ca-compliance] 2019-09-06T10:52:03Z
1579413 GlobalSign: OCSP Responder Returns invalid values for Some Precertificates ASSIGNED douglas.beattie [ca-compliance] Next Update - 13-September 2019 2019-09-06T21:02:24Z
1579509 Precertificates without corresponding certificates return OCSP value of "Unknown" ASSIGNED Chris Kemmerer [ca-compliance] Next Update - 13-September 2019 2019-09-13T21:54:19Z
1579950 QuoVadis: OCSP handling of Certificate Transparency Pre-certs ASSIGNED Stephen Davidson [ca-compliance] 2019-09-12T20:00:10Z
1580393 HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates ASSIGNED Dimitris Zacharopoulos [ca-compliance] 2019-09-13T05:08:38Z
1580525 D-TRUST: Delayed revocation of EV certificates ASSIGNED Enrico Entschew [ca-compliance] 2019-09-11T17:05:43Z
1581183 Google: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3 ASSIGNED Andy Warner [ca-compliance] 2019-09-13T17:50:21Z
1581234 QuoVadis: EV JOI Issue ASSIGNED Stephen Davidson [ca-compliance] 2019-09-14T00:26:19Z

75 Total; 75 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: