Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to CA compliance bug includes providing an Incident Report in the bug.

Anyone may create a CA Compliance bug as follows:

https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
Whiteboard = [ca-compliance]

Full Query

ID	Summary	Status	Assigned to	Whiteboard	Last change time
1463975	GRCA: Misissued certificates: Invalid commonName, commonName not in SAN	ASSIGNED	National Development Council	[ca-compliance]	2019-09-18T15:27:28Z
1468477	QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage	ASSIGNED	Stephen Davidson	[ca-compliance] Next Update - 01-January 2020	2019-09-17T20:35:31Z
1496616	Consorci AOC: Qualified audit statements	ASSIGNED	Francesc Ferrer	[ca-compliance] Next Update - 01-January 2020	2019-09-17T20:40:17Z
1502957	Camerfirma: MULTICERT Misissuance and missing audits	ASSIGNED	Juan Angel Martin	[ca-compliance]	2019-10-20T10:21:48Z
1520299	Hongkong Post / Certizen: Failure to report misissuance	ASSIGNED	Man Ho	[ca-compliance]	2019-10-23T03:15:40Z
1523221	GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions	ASSIGNED	National Development Council	[ca-compliance]	2019-09-17T03:30:35Z
1524733	CFCA: invalid dnsNames	ASSIGNED	Jonathan Sun	[ca-compliance] - Next Update - 1-October 2019	2019-08-11T00:26:26Z
1524815	GoDaddy: failure to revoke underscores	ASSIGNED	Joanna	[ca-compliance]	2019-08-23T22:12:16Z
1532113	CFCA: O > 64 characters	ASSIGNED	Oliver Bi	[ca-compliance] - Next Update - 01-August 2019	2019-09-20T03:29:53Z
1532333	Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-10-20T10:20:04Z
1532436	Chunghwa Telecom: Test certificate with unregistered domain name	ASSIGNED	Li-Chun CHEN	[ca-compliance] - 14-October 2019	2019-07-15T15:12:07Z
1532559	CFCA: Wrong SerialNumber encoding	ASSIGNED	Jonathan Sun	[ca-compliance]	2019-09-20T03:46:33Z
1533774	GoDaddy: Insufficient serial number entropy	ASSIGNED	Joanna	[ca-compliance]	2019-08-03T02:01:17Z
1535871	PKIoverheid: KPN Insufficient Serial Number Entropy	ASSIGNED	Jochem van den Berge	[ca-compliance] - Next Update - 01-December 2019	2019-11-05T02:29:51Z
1538638	Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy	ASSIGNED	chemalogo	[ca-compliance]	2019-09-03T07:19:45Z
1548713	Sectigo: "Default City" in Subject:localityName	ASSIGNED	Robin Alden	[ca-compliance]	2019-11-18T09:43:27Z
1549861	Camerfirma: Outdated audit statements for intermediate certs	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-10-20T10:20:34Z
1549862	Entrust: Outdated audit statement for intermediate cert	ASSIGNED	Bruce Morton	[ca-compliance]	2019-10-28T16:19:31Z
1550645	Digicert: CAA Checking Issue	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-11-12T00:39:46Z
1551362	Sectigo: "Some-State" in stateOrProvinceName	ASSIGNED	Robin Alden	[ca-compliance] - Next Update - 31-July 2019	2019-11-18T09:43:12Z
1551372	Telia: "Some-State" in stateOrProvinceName	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-09-30T15:40:08Z
1556806	Camerfirma: Inforcert misissued certificates	ASSIGNED	Eusebio Herrera	[ca-compliance] - Next Update - 01-October 2019	2019-10-09T17:57:52Z
1556906	DigiCert: Apple: Non-compliant Common Name Length	ASSIGNED	certification_authority	[ca-compliance] - Next Update - 01-September 2019	2019-10-05T20:19:49Z
1556948	DigiCert Validation Scope Incident	ASSIGNED	Jeremy Rowley	[ca-compliance] Next Update - 01-October 2019	2019-11-06T03:34:27Z
1558552	SwissSign: CP/CPS certificate profile issue	ASSIGNED	Mike Guenther	[ca-compliance] - Next Update - 01-September 2019	2019-10-22T15:01:09Z
1559765	Izenpe: Multiple invalid EV certificates issued	ASSIGNED	o-garcia	[ca-compliance] - Next Update - 01-December 2019	2019-07-17T07:24:51Z
1561013	Entrust: Certificate issued with validity greater than 825-days	ASSIGNED	Bruce Morton	[ca-compliance] - Next Update - 01-December 2019	2019-10-17T23:47:31Z
1563573	DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-11-14T04:00:13Z
1563579	Sectigo: Failure to provide timely incident reports	ASSIGNED	Robin Alden	[ca-compliance]	2019-11-18T09:43:04Z
1565270	Telia: Qualified BR Audit Statement	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-10-02T00:29:30Z
1567061	GoDaddy: inconsistent disclosure of externally-operated intermediate	ASSIGNED	Joanna	[ca-compliance]	2019-09-12T18:03:53Z
1567456	T-Systems: "Some-State" comparable issues	ASSIGNED	Arnold Essing	[ca-compliance] Next Update - 30-November 2019	2019-08-12T12:20:43Z
1567588	D-TRUST: incorrectly formatted businessCategory entry	ASSIGNED	Enrico Entschew	[ca-compliance] Next Update - 01-September 2019	2019-09-11T17:06:32Z
1568356	Trustcor: Incorrect CA-Issuers URI	ASSIGNED	Neil Dunbar	[ca-compliance]	2019-08-29T07:27:21Z
1569651	SwissSign: Misissuance of Leaf Certificates because of incorrect postcode	ASSIGNED	Timo Schmitt	[ca-compliance]	2019-08-27T12:15:45Z
1572234	GoDaddy: cross certificate disclosure to CCADB	ASSIGNED	Joanna	[ca-compliance]	2019-09-10T18:41:45Z
1573937	DigiCert/Verizon: Qualified 2019 Audit Statements	NEW	Brenda Bernal	[ca-compliance] - Next Update - 20-September 2019	2019-09-19T23:38:16Z
1575022	Sectigo: EV SSL Certificates with incorrect subject details.	ASSIGNED	Robin Alden	[ca-compliance]	2019-11-18T09:42:55Z
1575530	Camerfirma: Govern d'Andorra audits	ASSIGNED	Juan Angel Martin	[ca-compliance] - Next Update - 01-December 2019	2019-11-19T21:29:59Z
1575880	GlobalSign: SSL Certificates with US country code and invalid State/Prov	ASSIGNED	douglas.beattie	[ca-compliance]	2019-10-25T23:06:27Z
1576013	DigiCert: JOI Issue	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-11-12T01:11:54Z
1576283	QuoVadis: N/A in EV serialNumber field	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-11-15T15:54:50Z
1576789	Let’s Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions	ASSIGNED	Josh Aas	[ca-compliance]	2019-09-17T20:34:09Z
1577913	GoDaddy: Issues with State and Country fields	ASSIGNED	Joanna	[ca-compliance]	2019-10-03T01:07:03Z
1578505	LuxTrust: Outdated audit statement for intermediate cert	NEW	Yves Nullens	[ca-compliance] - Overdue Audit for intermediate cert	2019-09-20T16:57:29Z
1579299	Asseco DS / Certum: non-audited intermediate certificate	NEW	Aleksandra Kapinos	[ca-compliance]	2019-09-17T20:36:14Z
1580525	D-TRUST: Delayed revocation of EV certificates	ASSIGNED	Enrico Entschew	[ca-compliance]	2019-11-01T08:37:04Z
1581183	Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3	ASSIGNED	Andy Warner	[ca-compliance]	2019-09-17T20:41:37Z
1581597	QuoVadis: Unconstrained CAs missing audits	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-10-31T18:34:37Z
1583470	Camerfirma: audit gap	ASSIGNED	Ana Lopes	[ca-compliance]	2019-10-20T10:18:55Z
1586125	PKIoverheid: No BR Audit for subCAs technically capable of issuing TLS certs	REOPENED	Jorik van 't Hof	[ca-compliance] - Next Update - 09-January-2020	2019-11-19T19:47:05Z
1586787	Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy	ASSIGNED	Giorgio Girelli	[ca-compliance]	2019-10-22T10:17:35Z
1586795	NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy	ASSIGNED	Varga Viktor	[ca-compliance]	2019-11-11T12:57:54Z
1586847	Microsoft: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy	ASSIGNED	Jason Cooper	[ca-compliance]	2019-10-24T18:52:58Z
1586860	Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280	ASSIGNED	Juan Angel Martin	[ca-compliance] - Next Update - 20-November 2019	2019-11-18T18:26:29Z
1588001	Apple OCSP responders return responses with incorrect issuer	ASSIGNED	certification_authority	[ca-compliance]	2019-11-14T22:38:24Z
1588213	IdenTrust: Missing Thumbprints In Some Annual Audit Reports	ASSIGNED	roots	[ca-compliance]	2019-11-19T02:00:54Z
1589047	QuoVadis: Incorrect EV jurisdiction of incorporation information	REOPENED	Stephen Davidson	[ca-compliance]	2019-11-14T19:42:53Z
1590723	Consorci AOC : Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9	UNCONFIRMED	Francesc Ferrer	[ca-compliance]	2019-10-23T14:37:17Z
1590810	Sectigo: EV SSL Certificates with incorrect businessCategory	ASSIGNED	Robin Alden	[ca-compliance]	2019-11-18T09:42:45Z
1591005	GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report	ASSIGNED	Arvid Vermote	[ca-compliance]	2019-11-19T06:30:55Z
1593357	QuoVadis: Incorrect EV businessCategory	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-11-14T17:54:57Z
1593776	Sectigo: invalid subject:organizationalUnitName on DV certificates	ASSIGNED	Robin Alden	[ca-compliance]	2019-11-18T17:27:49Z
1593814	DigiCert: & character in a printableString in ICA	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-11-12T16:28:49Z
1595113	Buypass: Intermediate certificates not listed in audit reports	ASSIGNED	Mads Henriksveen	[ca-compliance]	2019-11-12T16:31:56Z
1595921	DigiCert: Domain validation skipped	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-11-14T04:04:02Z
1596744	Izenpe: CA certificates not listed in audit report	ASSIGNED	o-garcia	[ca-compliance]	2019-11-15T15:33:35Z
1596923	PKIoverheid: KPN CPS lacks problem reporting instructions	ASSIGNED	Jorik van 't Hof	[ca-compliance]	2019-11-18T14:20:26Z
1596931	DigiCert: Verizon CPS lacks problem reporting instructions	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-11-19T22:04:38Z
1596949	Government of Spain FNMT: CP/CPS lack CAA processing details	UNCONFIRMED	alain	[ca-compliance]	2019-11-16T08:54:47Z
1597135	HARICA: 3 EV TLS Certificates without L or ST	UNCONFIRMED	Dimitris Zacharopoulos	[ca-compliance]	2019-11-19T19:30:53Z

71 Total; 71 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here:

https://wiki.mozilla.org/CA/Closed_Incidents

CA/Incident Dashboard

Contents

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

Closed CA Bugs

Closed CA Compliance Bugs

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools