Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
Whiteboard = [ca-compliance]

Full Query

ID	Summary	Status	Assigned to	Whiteboard	Last change time
1456655	DigiCert / ABB: Issues with DN, country code and keyUsage	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-09-11T21:12:22Z
1462423	NetLock: CN not in SAN	ASSIGNED	Varga Viktor	[ca-compliance] Next Update - 1-June-2019	2019-08-12T17:47:20Z
1463975	GRCA: Misissued certificates: Invalid commonName, commonName not in SAN	ASSIGNED	National Development Council	[ca-compliance]	2019-08-03T03:49:03Z
1468477	QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage	ASSIGNED	Stephen Davidson	[ca-compliance] Next Update - 01-January 2020	2019-07-11T16:33:16Z
1492006	Sectigo: Failure to revoke within 24 hours	ASSIGNED	Robin Alden	[ca-compliance] - Next Update - 19-August 2019	2019-09-13T13:36:45Z
1495497	KIR S.A.: Certificates issued with multiple BR violations	ASSIGNED	Piotr Grabowski	[ca-compliance]	2019-07-11T16:33:20Z
1496616	Consorci: Qualified audit statements	ASSIGNED	Francesc Ferrer	[ca-compliance] Next Update - 01-January 2020	2019-09-12T08:01:25Z
1502957	Camerfirma: MULTICERT Misissuance and missing audits	ASSIGNED	Juan Angel Martin	[ca-compliance]	2019-09-10T22:23:50Z
1520299	Hongkong Post / Certizen: Failure to report misissuance	ASSIGNED	Man Ho	[ca-compliance]	2019-07-16T14:42:50Z
1523186	KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days	ASSIGNED	Piotr Grabowski	[ca-compliance] - Next Update - 03-March 2019	2019-07-11T16:33:30Z
1523221	GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions	ASSIGNED	National Development Council	[ca-compliance]	2019-07-11T16:33:31Z
1524733	CFCA: invalid dnsNames	ASSIGNED	Jonathan Sun	[ca-compliance] - Next Update - 1-October 2019	2019-08-11T00:26:26Z
1524815	GoDaddy: failure to revoke underscores	ASSIGNED	Joanna	[ca-compliance]	2019-08-23T22:12:16Z
1532113	CFCA: O > 64 characters	ASSIGNED	Oliver Bi	[ca-compliance] - Next Update - 01-August 2019	2019-07-16T18:27:36Z
1532333	Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-08-27T12:26:47Z
1532436	Chunghwa Telecom: Test certificate with unregistered domain name	ASSIGNED	Li-Chun CHEN	[ca-compliance] - 14-October 2019	2019-07-15T15:12:07Z
1532559	CFCA: Wrong SerialNumber encoding	ASSIGNED	Jonathan Sun	[ca-compliance]	2019-08-27T18:31:17Z
1533774	GoDaddy: Insufficient serial number entropy	ASSIGNED	Joanna	[ca-compliance]	2019-08-03T02:01:17Z
1535871	PKIoverheid: KPN Insufficient Serial Number Entropy	ASSIGNED	Jochem van den Berge	[ca-compliance]	2019-09-05T23:47:54Z
1538638	Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy	ASSIGNED	chemalogo	[ca-compliance]	2019-09-03T07:19:45Z
1545208	Sectigo: Missing Changelog in CPS	ASSIGNED	Robin Alden	[ca-compliance]	2019-08-14T18:09:47Z
1547691	GlobalSign: AT&T SSL certificates without the AIA extension	ASSIGNED	douglas.beattie	[ca-compliance] - Next Update - 22-August 2019	2019-09-04T15:05:41Z
1548713	Sectigo: "Default City" in Subject:localityName	ASSIGNED	Robin Alden	[ca-compliance]	2019-07-19T19:22:51Z
1549861	Camerfirma: Outdated audit statements for intermediate certs	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-09-10T22:01:28Z
1549862	Entrust: Outdated audit statement for intermediate cert	ASSIGNED	Bruce Morton	[ca-compliance]	2019-09-11T15:22:49Z
1550645	Digicert: CAA Checking Issue	ASSIGNED	Brenda Bernal	[ca-compliance] - Next Update - 01-October 2019	2019-09-05T23:46:41Z
1551362	Sectigo: "Some-State" in stateOrProvinceName	ASSIGNED	Robin Alden	[ca-compliance] - Next Update - 31-July 2019	2019-07-19T15:07:12Z
1551372	Telia: "Some-State" in stateOrProvinceName	ASSIGNED	pekka.lahtiharju	[ca-compliance] - Next Update - 01-October 2019	2019-07-11T16:37:09Z
1556806	Camerfirma: Inforcert misissued certificates	ASSIGNED	Eusebio Herrera	[ca-compliance] - Next Update - 01-October 2019	2019-07-31T22:11:31Z
1556906	DigiCert: Apple: Non-compliant Common Name Length	ASSIGNED	certification_authority	[ca-compliance] - Next Update - 01-September 2019	2019-09-05T23:47:13Z
1556948	DigiCert Validation Scope Incident	ASSIGNED	Jeremy Rowley	[ca-compliance] Next Update - 01-October 2019	2019-09-12T01:36:12Z
1558552	SwissSign: CP/CPS certificate profile issue	ASSIGNED	Mike Guenther	[ca-compliance] - Next Update - 01-September 2019	2019-09-02T14:08:47Z
1559765	Izenpe: Multiple invalid EV certificates issued	ASSIGNED	o-garcia	[ca-compliance] - Next Update - 01-December 2019	2019-07-17T07:24:51Z
1561013	Entrust: Certificate issued with validity greater than 825-days	ASSIGNED	Bruce Morton	[ca-compliance]	2019-07-20T02:22:46Z
1563573	DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-09-13T22:07:18Z
1563574	SECOM: Failure to disclose Unconstrained Intermediate within 7 Days	ASSIGNED	Hisashi Kamo	[ca-compliance] - Next Update - 27-July 2019	2019-08-27T18:22:31Z
1563579	Sectigo: Failure to provide timely incident reports	ASSIGNED	Robin Alden	[ca-compliance]	2019-09-10T15:17:39Z
1563772	D-TRUST: Precertificate OU > 64 Characters	ASSIGNED	Enrico Entschew	[ca-compliance]	2019-08-14T19:03:18Z
1565270	Telia: Qualified BR Audit Statement	ASSIGNED	pekka.lahtiharju	[ca-compliance] - Next Update - 1-October 2019	2019-08-05T18:52:48Z
1566162	DigiCert: Failure to supervise ABB Subordinate CA	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-09-11T21:12:00Z
1566586	Asseco/Certum: Overdue Audit Statements 2019	ASSIGNED	Wojciech Trapczyński	[ca-compliance] - Next Update - 01-August 2019	2019-09-06T08:13:51Z
1567060	Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate	ASSIGNED	Robin Alden	[ca-compliance]	2019-09-13T11:53:10Z
1567061	GoDaddy: inconsistent disclosure of externally-operated intermediate	ASSIGNED	Joanna	[ca-compliance]	2019-09-12T18:03:53Z
1567456	T-Systems: "Some-State" comparable issues	ASSIGNED	Arnold Essing	[ca-compliance] Next Update - 30-November 2019	2019-08-12T12:20:43Z
1567588	D-TRUST: incorrectly formatted businessCategory entry	ASSIGNED	Enrico Entschew	[ca-compliance] Next Update - 01-September 2019	2019-09-11T17:06:32Z
1567659	Entrust: SHA-1 Issuance and other misissuance while testing	ASSIGNED	Bruce Morton	[ca-compliance]	2019-08-15T21:10:38Z
1568356	Trustcor: Incorrect CA-Issuers URI	ASSIGNED	Neil Dunbar	[ca-compliance]	2019-08-29T07:27:21Z
1569651	SwissSign: Misissuance of Leaf Certificates because of incorrect postcode	ASSIGNED	Timo Schmitt	[ca-compliance]	2019-08-27T12:15:45Z
1572234	GoDaddy: cross certificate disclosure to CCADB	ASSIGNED	Joanna	[ca-compliance]	2019-09-10T18:41:45Z
1572638	Actalis: Failure to revoke certs within the BR required timeframe	ASSIGNED	Giorgio Girelli	[ca-compliance]	2019-08-09T16:39:11Z
1572992	Netlock: Failure to provide regular and timely incident updates	ASSIGNED	Varga Viktor	[ca-compliance]	2019-09-04T09:27:38Z
1573490	PKIoverheid: CIBG insufficient serial number entropy	ASSIGNED	Jorik van 't Hof	[ca-compliance]	2019-09-09T14:48:55Z
1573937	DigiCert/Verizon: Qualified 2019 Audit Statements	NEW	Brenda Bernal	[ca-compliance] - Next Update - 20-September 2019	2019-09-12T04:41:43Z
1575022	Sectigo: EV SSL Certificates with incorrect subject details.	ASSIGNED	Robin Alden	[ca-compliance]	2019-09-06T21:36:01Z
1575125	DigiCert: Apple: Unconstrained CAs not included in WTBR report	ASSIGNED	Wayne Thayer [:wayne]	[ca-compliance]	2019-09-12T18:17:01Z
1575530	Camerfirma: Govern d'Andorra audits	ASSIGNED	Juan Angel Martin	[ca-compliance]	2019-09-10T22:52:04Z
1575880	GlobalSign: SSL Certificates with US country code and invalid State/Prov	ASSIGNED	douglas.beattie	[ca-compliance]	2019-09-10T03:59:36Z
1576013	DigiCert JOI Issue	ASSIGNED	Jeremy Rowley	[ca-compliance] Next Update - 10-Sept-2019	2019-09-11T21:11:28Z
1576133	SECOM: Mis-issued EV Certificates	ASSIGNED	Yuu Hidaka	[ca-compliance]	2019-09-13T16:57:39Z
1576283	QuoVadis: N/A in EV serialNumber field	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-09-06T19:29:42Z
1576789	2019.08.20 Let’s Encrypt Incident: Incorrect OCSP responses under certain conditions	ASSIGNED	Josh Aas	[ca-compliance]	2019-08-27T16:22:35Z
1577014	DigiCert OCSP services returns 1 byte	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-09-12T04:37:51Z
1577652	Let's Encrypt OCSP Responder Returned "Unauthorized" for Some Precertificates	ASSIGNED	Jacob Hoffman-Andrews	[ca-compliance]	2019-09-13T22:15:27Z
1577913	GoDaddy: Issues with State and Country fields	ASSIGNED	Joanna	[ca-compliance]	2019-09-13T16:00:19Z
1578417	T-Systems: Issue with Organization field	ASSIGNED	Arnold Essing	[ca-compliance] - Next Update - 11-October 2019	2019-09-10T15:50:02Z
1578505	LuxTrust: Outdated audit statement for intermediate cert	NEW	Yves Nullens	[ca-compliance] - Overdue Audit for intermediate cert	2019-09-05T10:41:52Z
1578809	PKIoverheid: Compliance issues CIBG TLS certificates	ASSIGNED	Jochem van den Berge	[ca-compliance]	2019-09-04T17:40:02Z
1579299	Asseco/Certum: non-audited intermediate certificate	NEW	Aleksandra Kapinos	[ca-compliance]	2019-09-06T10:52:03Z
1579413	GlobalSign: OCSP Responder Returns invalid values for Some Precertificates	ASSIGNED	douglas.beattie	[ca-compliance] Next Update - 13-September 2019	2019-09-06T21:02:24Z
1579509	SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"	ASSIGNED	Chris Kemmerer	[ca-compliance] Next Update - 13-September 2019	2019-09-13T21:54:19Z
1579950	QuoVadis: OCSP handling of Certificate Transparency Pre-certs	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-09-12T20:00:10Z
1580393	HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates	ASSIGNED	Dimitris Zacharopoulos	[ca-compliance]	2019-09-13T05:08:38Z
1580525	D-TRUST: Delayed revocation of EV certificates	ASSIGNED	Enrico Entschew	[ca-compliance]	2019-09-11T17:05:43Z
1581183	Google: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3	ASSIGNED	Andy Warner	[ca-compliance]	2019-09-13T17:50:21Z
1581234	QuoVadis: EV JOI Issue	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-09-14T00:26:19Z

75 Total; 75 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here:

https://wiki.mozilla.org/CA/Closed_Incidents

CA/Incident Dashboard

Contents

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

Closed CA Bugs

Closed CA Compliance Bugs

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools