CA/Incident Dashboard
From MozillaWiki
< CA
Contents
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1456655 | DigiCert / ABB: Issues with DN, country code and keyUsage | ASSIGNED | Brenda Bernal | [ca-compliance] - Next Update - 20-May 2019 | 2019-04-19T16:57:19Z |
| 1462423 | NetLock: CN not in SAN | ASSIGNED | Varga Viktor | [ca-compliance] Next Update - 1-June-2019 | 2019-03-29T16:53:30Z |
| 1463975 | GRCA: Misissued certificates: Invalid commonName, commonName not in SAN | ASSIGNED | National Development Council | [ca-compliance] | 2019-03-05T06:28:05Z |
| 1468477 | QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage | ASSIGNED | Stephen Davidson | [ca-compliance] Next Update - 01-January 2020 | 2019-01-16T21:46:15Z |
| 1492006 | Comodo: Failure to revoke within 24 hours | ASSIGNED | Robin Alden | [ca-compliance] Next Update - 24-January 2019 | 2019-02-22T18:39:26Z |
| 1495497 | KIR S.A.: Certificates issued with multiple BR violations | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2019-03-04T20:37:55Z |
| 1495518 | Assecco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) | ASSIGNED | Wojciech Trapczyński | [ca-compliance] - Next Update - 01-July 2019 | 2019-01-17T15:00:50Z |
| 1496616 | Consorci: Qualified audit statements | ASSIGNED | Francesc Ferrer | [ca-compliance] Next Update - 01-January 2020 | 2019-01-09T18:53:55Z |
| 1502957 | Camerfirma: MULTICERT Misissuance and missing audits | ASSIGNED | Juan Angel Martin | [ca-compliance] - Next Update - 07-March 2019 | 2019-01-17T14:54:44Z |
| 1518553 | Sectigo: Use of forbidden subjectPublicKeyInfo algorithm | ASSIGNED | Robin Alden | [ca-compliance] Next Update - 17-January 2019 | 2019-02-21T15:47:01Z |
| 1520299 | Hongkong Post / Certizen: Failure to report misissuance | ASSIGNED | Man Ho | [ca-compliance] - Next Update - 27-April 2019 | 2019-02-27T16:05:56Z |
| 1522975 | Google: Improper OCSP response for intermediate certificate | ASSIGNED | kluge | [ca-compliance] | 2019-02-04T17:31:58Z |
| 1523186 | KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days | ASSIGNED | Piotr Grabowski | [ca-compliance] - Next Update - 03-March 2019 | 2019-03-04T19:50:39Z |
| 1523221 | GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions | ASSIGNED | National Development Council | [ca-compliance] | 2019-03-17T02:20:07Z |
| 1524050 | Telia: Misissued certificate - invalid dnsName | ASSIGNED | pekka.lahtiharju | [ca-compliance] - Next Update - 01-March 2019 | 2019-02-27T14:04:33Z |
| 1524195 | Asseco DS / Certum: Invalid dnsNames | ASSIGNED | Wojciech Trapczyński | [ca-compliance] | 2019-02-21T12:14:04Z |
| 1524567 | Telia: invalid IP value in SAN DNS field | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-02-19T11:14:15Z |
| 1524730 | Sectigo: invalid dnsName | ASSIGNED | Robin Alden | [ca-compliance] | 2019-02-21T01:43:37Z |
| 1524733 | CFCA: invalid dnsNames | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-04-03T11:10:38Z |
| 1524815 | GoDaddy: failure to revoke underscores | ASSIGNED | Joanna | [ca-compliance] | 2019-05-14T21:48:37Z |
| 1524871 | Camerfirma: failure to revoke underscores | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-02-15T20:37:38Z |
| 1526099 | Identrust: Discrepancy in values of address fields within CN of SSL Certificates | ASSIGNED | roots | [ca-compliance] | 2019-02-13T16:43:14Z |
| 1527423 | DigiCert: P-384,ecdsa-with-SHA512 Certificates | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-03-08T20:44:41Z |
| 1528259 | Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-04-30T18:20:51Z |
| 1528261 | Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-04-30T18:20:51Z |
| 1528263 | Telia: Misissued certificate - Invalid wildcard format | ASSIGNED | pekka.lahtiharju | [ca-compliance] Next Update - 19-February 2019 | 2019-04-30T18:20:52Z |
| 1528264 | Telia: Misissued certificate - Invalid OU value "-" | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-04-30T18:20:51Z |
| 1530718 | T-Systems: Invalid SAN Entries | ASSIGNED | Arnold Essing | [ca-compliance] | 2019-05-15T17:48:54Z |
| 1531817 | DigiCert: in-addr.arpa Misissuance | ASSIGNED | Jeremy Rowley | [ca-compliance] | 2019-03-08T00:46:46Z |
| 1532105 | SECOM: CrossTrust: OU > 64 characters | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2019-03-28T12:12:59Z |
| 1532113 | CFCA: O > 64 characters | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-03-28T23:53:24Z |
| 1532333 | Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate | ASSIGNED | Eusebio Herrera | [ca-compliance] | 2019-04-06T20:30:26Z |
| 1532429 | CFCA: Invalid TLD in SAN | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-03-04T21:10:14Z |
| 1532436 | Chunghwa Telecom: Test certificate with unregistered domain name | ASSIGNED | Li-Chun CHEN | [ca-compliance] - Next Update - 01-June 2019 | 2019-03-30T14:29:47Z |
| 1532559 | CFCA: Wrong SerialNumber encoding | ASSIGNED | Jonathan Sun | [ca-compliance] | 2019-03-23T21:17:13Z |
| 1532842 | Google Trust Services: 63 bit serial numbers in some certificates | ASSIGNED | ryan_hurst | [ca-compliance] - Next Update - 01-April 2019 | 2019-03-13T09:51:45Z |
| 1533655 | DigiCert: Apple: Non-compliant Serial Numbers | ASSIGNED | certification_authority | [ca-compliance] - Next Update - 19-July 2019 | 2019-05-03T23:14:31Z |
| 1533774 | GoDaddy: Insufficient serial number entropy | ASSIGNED | Joanna | [ca-compliance] | 2019-05-14T21:54:24Z |
| 1534295 | Actalis: Insufficient serial number entropy | ASSIGNED | ADRIANO SANTONI | [ca-compliance] - Next Update - 01-July 2019 | 2019-05-23T17:59:23Z |
| 1534429 | Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy | ASSIGNED | ca.forum | [ca-compliance] | 2019-03-12T14:35:11Z |
| 1534580 | DFN-PKI: 40 OV certificates with wrong ST | ASSIGNED | Jürgen Brauckmann | [ca-compliance] | 2019-03-16T23:32:20Z |
| 1535735 | Entrust - Issued Certificates to incorrect Organization | ASSIGNED | Dathan Demone | [ca-compliance] | 2019-04-02T18:46:02Z |
| 1535869 | Taiwan-CA: Invalid SAN Entries | ASSIGNED | Hao-Chun Li | [ca-compliance] - Next Update - 01-July 2019 | 2019-03-28T01:22:58Z |
| 1535871 | PKIoverheid: KPN Insufficient Serial Number Entropy | ASSIGNED | Jochem van den Berge | [ca-compliance] | 2019-04-03T08:57:28Z |
| 1536082 | T-Systems: Insufficient serial number entropy | ASSIGNED | Arnold Essing | [ca-compliance] - Next Update - 10-July 2019 | 2019-04-03T14:05:28Z |
| 1536213 | ACCV: Insufficient serial number entropy | ASSIGNED | Jose Amador | [ca-compliance] | 2019-03-25T16:45:59Z |
| 1536831 | GDCA: Insufficient Serial Number Entropy | ASSIGNED | capoc | [ca-compliance] - Next Update - 01-April 2019 | 2019-04-01T08:31:18Z |
| 1538638 | Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy | ASSIGNED | chemalogo | [ca-compliance] | 2019-03-27T18:25:39Z |
| 1539296 | Digicert: KPN Outdated Audit | ASSIGNED | Brenda Bernal | [ca-compliance] - Next Update - 01-June 2019 | 2019-04-19T16:44:16Z |
| 1539307 | Buypass: Insufficient Serial Number Entropy | ASSIGNED | Mads Henriksveen | [ca-compliance] - Next Update - 1-July 2019 | 2019-05-15T23:38:38Z |
| 1540315 | QuoVadis: LLB insufficient Serial Number Entropy | ASSIGNED | Stephen Davidson | [ca-compliance] | 2019-05-08T17:17:42Z |
| 1540961 | Atos: Insufficient Serial Number Entropy | ASSIGNED | michael.schwieters | [ca-compliance] - Next Update - 01-June 2019 | 2019-04-26T16:19:58Z |
| 1542082 | Identrust: Failure to disclose Unconstrained intermediate Within 7 Days | ASSIGNED | roots | [ca-compliance] | 2019-05-01T00:18:45Z |
| 1544586 | Government of Spain FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. | ASSIGNED | alain | [ca-compliance] | 2019-05-01T23:34:05Z |
| 1544712 | SECOM: certificate for which “OU=-” | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2019-04-26T10:09:00Z |
| 1544722 | SECOM: certificate for which “L” and “ST” not set | ASSIGNED | Hisashi Kamo | [ca-compliance] - Next Update - 01-June 2019 | 2019-04-30T20:49:46Z |
| 1545208 | Sectigo: Missing Changelog in CPS | ASSIGNED | Robin Alden | [ca-compliance] | 2019-04-17T19:08:11Z |
| 1546253 | GDCA: Authentication of Organization Identity Failure for an OV Certificate | ASSIGNED | capoc | [ca-compliance] | 2019-04-30T18:20:51Z |
| 1546776 | SecureTrust: Unvalidated domain in certificate | ASSIGNED | fcorday | [ca-compliance] | 2019-04-30T18:20:52Z |
| 1547691 | GlobalSign: AT&T SSL certificates without the AIA extension | ASSIGNED | douglas.beattie | [ca-compliance] - Next Update - 01-August 2019 | 2019-05-10T13:23:08Z |
| 1548713 | Sectigo: "Default City" in Subject:localityName | ASSIGNED | Robin Alden | [ca-compliance] | 2019-05-08T15:48:09Z |
| 1548714 | SECOM: "Default City" in Subject:localityName | ASSIGNED | Hisashi Kamo | [ca-compliance] - Next Update - 01-July 2019 | 2019-05-23T18:12:14Z |
| 1548719 | DigiCert: Revoked intermediate certificates not in CRL | NEW | Stephen Davidson | [ca-compliance] CRL | 2019-05-22T12:37:14Z |
| 1548720 | SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl | ASSIGNED | Chris Kemmerer | [ca-compliance] CRL - pending Incident Report | 2019-05-07T07:59:05Z |
| 1549861 | Camerfirma: Outdated audit statements for intermediate certs | NEW | Eusebio Herrera | [ca-compliance] | 2019-05-10T09:29:51Z |
| 1549862 | Entrust: Outdated audit statement for intermediate cert | NEW | Bruce Morton | [ca-compliance] | 2019-05-10T14:24:39Z |
| 1550575 | Asseco DS / Certum: commonName not from subjectAltName entries | ASSIGNED | Wojciech Trapczyński | [ca-compliance] - Next Update - 01-June 2019 | 2019-05-20T04:49:38Z |
| 1550645 | Digicert: CAA Checking Issue | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-05-17T22:54:33Z |
| 1551362 | Sectigo: "Some-State" in stateOrProvinceName | ASSIGNED | Robin Alden | [ca-compliance] | 2019-05-14T01:17:01Z |
| 1551363 | DigiCert: "Some-State" in stateOrProvinceName | ASSIGNED | Brenda Bernal | [ca-compliance] | 2019-05-18T00:23:40Z |
| 1551364 | SwissSign: "Some-State" in stateOrProvinceName | ASSIGNED | Timo Schmitt | [ca-compliance] | 2019-05-17T13:58:08Z |
| 1551369 | Kamu SM: "Some-State" in stateOrProvinceName | ASSIGNED | Melis Şimşek | [ca-compliance] | 2019-05-20T15:06:04Z |
| 1551371 | T-Systems: "Some-State" in stateOrProvinceName | ASSIGNED | Arnold Essing | [ca-compliance] - Next Update - 04-July 2019 | 2019-05-23T18:11:15Z |
| 1551372 | Telia: "Some-State" in stateOrProvinceName | ASSIGNED | pekka.lahtiharju | [ca-compliance] | 2019-05-22T06:10:41Z |
| 1551374 | SecureTrust: "Some-State" in stateOrProvinceName | ASSIGNED | fcorday | [ca-compliance] - Next Update - 10-June 2019 | 2019-05-17T18:29:06Z |
| 1551375 | certSIGN: "Some-State" in stateOrProvinceName | ASSIGNED | Cristian Garabet | [ca-compliance] | 2019-05-14T01:20:22Z |
| 1552562 | Entrust: Question marks in certificate O and L fields | ASSIGNED | Bruce Morton | [ca-compliance] | 2019-05-17T20:09:26Z |
| 1552586 | GlobalSign: 4 Misissued certificates with invalid CN | ASSIGNED | douglas.beattie | [ca-compliance] | 2019-05-23T18:25:46Z |
78 Total; 78 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here:
