CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1390990 D-TRUST: Non-BR-Compliant Certificate Issuance NEW Arno Fiedler [ca-compliance] 2019-02-01T14:25:05Z
1448986 Entrust - IP Address in dNSName form ASSIGNED Bruce Morton [ca-compliance] - Next Update - 01-April 2019 2019-01-17T14:59:02Z
1455137 T-Systems: Undisclosed Intermediate certificate NEW Bernd [ca-compliance] 2019-02-06T16:09:50Z
1456655 DigiCert / ABB: Issues with DN, country code and keyUsage ASSIGNED Brenda Bernal [ca-compliance] - Next Update - 10-April 2019 2019-02-20T01:42:05Z
1462423 NetLock: CN not in SAN UNCONFIRMED Varga Viktor [ca-compliance] 2019-01-24T21:45:14Z
1463975 GRCA: Misissued certificates: Invalid commonName, commonName not in SAN ASSIGNED National Development Council [ca-compliance] 2019-03-05T06:28:05Z
1468477 QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage ASSIGNED Stephen Davidson [ca-compliance] Next Update - 01-January 2020 2019-01-16T21:46:15Z
1481862 Camerfirma: MULTICERT organizationName Too Long REOPENED Juan Angel Martin [ca-compliance] Next Update - 14-February 2019 2019-02-14T19:24:46Z
1492006 Comodo: Failure to revoke within 24 hours ASSIGNED Robin Alden [ca-compliance] Next Update - 24-January 2019 2019-02-22T18:39:26Z
1495497 KIR S.A.: Certificates issued with multiple BR violations ASSIGNED Piotr Grabowski [ca-compliance] 2019-03-04T20:37:55Z
1495518 Assecco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) ASSIGNED Wojciech Trapczyński [ca-compliance] - Next Update - 01-July 2019 2019-01-17T15:00:50Z
1495524 Certinomis: Unqualified Domain Name in SAN ASSIGNED Marc MAITRE [ca-compliance] - Next Update - 15-March 2019 2019-02-28T13:52:36Z
1496088 Certinomis: certificate for test.com, O=Entreprise TEST ASSIGNED Marc MAITRE [ca-compliance] - Next Update - 13-March 2019 2019-02-20T17:15:39Z
1496616 Consorci: Qualified audit statements ASSIGNED Francesc Ferrer [ca-compliance] Next Update - 01-January 2020 2019-01-09T18:53:55Z
1502957 Camerfirma: MULTICERT Misissuance and missing audits ASSIGNED Juan Angel Martin [ca-compliance] - Next Update - 07-March 2019 2019-01-17T14:54:44Z
1503128 Certinomis: email address in DNS SAN ASSIGNED Marc MAITRE [ca-compliance] - Next Update - 13-March 2019 2019-02-20T17:06:24Z
1506607 SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier ASSIGNED Mike Guenther [ca-compliance] - Next Update - 01-April 2019 2019-02-22T16:40:33Z
1509002 Camerfirma: MULTICERT certificates with a validity period greater than 825 days ASSIGNED Eusebio Herrera [ca-compliance] - Next Update - 01-April 2019 2019-02-14T16:06:21Z
1512018 Entrust: Certificate issued with '-' in ST field ASSIGNED Bruce Morton [ca-compliance] 2019-02-04T15:45:42Z
1516599 DigiCert: Underscores - Ericsson ASSIGNED Brenda Bernal [ca-compliance] 2019-02-15T19:26:14Z
1517617 DigiCert: Underscores - Citi ASSIGNED Brenda Bernal [ca-compliance] 2019-01-31T14:58:06Z
1518553 Sectigo: Use of forbidden subjectPublicKeyInfo algorithm ASSIGNED Robin Alden [ca-compliance] Next Update - 17-January 2019 2019-02-21T15:47:01Z
1519260 QuoVadis: Multiple unreported misissuances in 2018 ASSIGNED Stephen Davidson [ca-compliance] - Next Update - 01-July 2019 2019-01-17T14:58:04Z
1519572 DigiCert: Underscores - Intuit ASSIGNED Brenda Bernal [ca-compliance] Next Update - 30-April 2019 2019-02-04T15:45:30Z
1520299 Hongkong Post / Certizen: Failure to report misissuance ASSIGNED Man Ho [ca-compliance] - Next Update - 27-April 2019 2019-02-27T16:05:56Z
1521950 QuoVadis: BR Error - san dns name starts with period ASSIGNED Stephen Davidson [ca-compliance] 2019-03-07T20:57:31Z
1522975 Google: Improper OCSP response for intermediate certificate ASSIGNED kluge [ca-compliance] 2019-02-04T17:31:58Z
1523186 KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days ASSIGNED Piotr Grabowski [ca-compliance] - Next Update - 03-March 2019 2019-03-04T19:50:39Z
1523221 GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions ASSIGNED National Development Council [ca-compliance] 2019-03-17T02:20:07Z
1523676 DigiCert: Good OCSP Responses for Revoked Intermediates ASSIGNED Ben Wilson [ca-compliance] 2019-02-22T16:41:27Z
1524050 Telia: Misissued certificate - invalid dnsName ASSIGNED pekka.lahtiharju [ca-compliance] - Next Update - 01-March 2019 2019-02-27T14:04:33Z
1524094 Certinomis: invalid DNS names in SAN ASSIGNED Marc MAITRE [ca-compliance] 2019-02-02T01:10:04Z
1524103 Certinomis: invalid state and locality fields in subject ASSIGNED Marc MAITRE [ca-compliance] 2019-02-02T03:55:16Z
1524112 Certinomis: O=POUR TEST in subject ASSIGNED Marc MAITRE [ca-compliance] 2019-03-05T18:07:03Z
1524143 CFCA: Internal iPAddress in certificate UNCONFIRMED Jonathan Sun [ca-compliance] - Next Update - 01-March 2019 2019-03-04T21:22:05Z
1524195 Asseco DS / Certum: Invalid dnsNames ASSIGNED Wojciech Trapczyński [ca-compliance] 2019-02-21T12:14:04Z
1524448 Certinomis: misissued "test" certificates ASSIGNED Marc MAITRE [ca-compliance] 2019-02-26T17:57:55Z
1524449 Certinomis: validity period >825 days ASSIGNED Marc MAITRE [ca-compliance] 2019-02-26T18:01:59Z
1524451 Certinomis: invalid CDP extension ASSIGNED Marc MAITRE [ca-compliance] - Next Update - 15-March 2019 2019-02-20T18:15:12Z
1524452 SECOM: certificate for .test TLD ASSIGNED Hisashi Kamo [ca-compliance] - Next Update - 01-April 2019 2019-02-21T22:33:00Z
1524567 Telia: invalid IP value in SAN DNS field ASSIGNED pekka.lahtiharju [ca-compliance] 2019-02-19T11:14:15Z
1524730 Sectigo: invalid dnsName ASSIGNED Robin Alden [ca-compliance] 2019-02-21T01:43:37Z
1524733 CFCA: invalid dnsNames UNCONFIRMED Jonathan Sun [ca-compliance] 2019-03-16T10:53:03Z
1524815 GoDaddy: failure to revoke underscores ASSIGNED Daymion Reynolds [ca-compliance] 2019-02-14T03:13:13Z
1524871 Camerfirma: failure to revoke underscores ASSIGNED Eusebio Herrera [ca-compliance] 2019-02-15T20:37:38Z
1524875 DigiCert: IP in dnsName ASSIGNED Brenda Bernal [ca-compliance] 2019-02-15T19:56:05Z
1526099 Identrust: Discrepancy in values of address fields within CN of SSL Certificates ASSIGNED roots [ca-compliance] 2019-02-13T16:43:14Z
1526154 DigiCert: Missed Underscore Certificate Revocations ASSIGNED Brenda Bernal [ca-compliance] 2019-02-15T19:28:34Z
1527423 DigiCert: P-384,ecdsa-with-SHA512 Certificates ASSIGNED Brenda Bernal [ca-compliance] 2019-03-08T20:44:41Z
1528259 Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field ASSIGNED pekka.lahtiharju [ca-compliance] 2019-02-25T20:24:10Z
1528261 Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) ASSIGNED pekka.lahtiharju [ca-compliance] 2019-02-25T20:24:41Z
1528263 Telia: Misissued certificate - Invalid wildcard format ASSIGNED pekka.lahtiharju [ca-compliance] Next Update - 19-February 2019 2019-02-18T19:01:04Z
1528264 Telia: Misissued certificate - Invalid OU value "-" ASSIGNED pekka.lahtiharju [ca-compliance] 2019-02-18T19:11:37Z
1530623 QuoVadis: IPaddress in DNSname SAN ASSIGNED Stephen Davidson [ca-compliance] - Next Update - 20-March 2019 2019-03-07T22:30:29Z
1530718 T-Systems: Invalid SAN Entries ASSIGNED Bernd [ca-compliance] 2019-03-06T10:05:25Z
1530971 Harica: P-384,ecdsa-with-SHA256 Certificates ASSIGNED Dimitris Zacharopoulos [ca-compliance] 2019-03-07T20:08:00Z
1531800 QuoVadis: DarkMatter Insufficient Serial Number Entropy ASSIGNED Scott Rea [ca-compliance] 2019-03-03T19:38:23Z
1531817 DigiCert: in-addr.arpa Misissuance ASSIGNED Jeremy Rowley [ca-compliance] 2019-03-08T00:46:46Z
1532105 SECOM: CrossTrust: OU > 64 characters ASSIGNED Hisashi Kamo [ca-compliance] 2019-03-08T02:22:45Z
1532113 CFCA: O > 64 characters UNCONFIRMED Jonathan Sun [ca-compliance] 2019-03-04T18:30:33Z
1532333 Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate ASSIGNED Eusebio Herrera [ca-compliance] 2019-03-12T20:20:16Z
1532429 CFCA: Invalid TLD in SAN ASSIGNED Jonathan Sun [ca-compliance] 2019-03-04T21:10:14Z
1532436 Chunghwa Telecom: Test certificate with unregistered domain name ASSIGNED Li-Chun CHEN [ca-compliance] - Next Update - 01-April 2019 2019-03-13T00:46:08Z
1532559 CFCA: Wrong SerialNumber encoding UNCONFIRMED Jonathan Sun [ca-compliance] 2019-03-21T23:05:41Z
1532842 Google Trust Services: 63 bit serial numbers in some certificates ASSIGNED ryan_hurst [ca-compliance] - Next Update - 01-April 2019 2019-03-13T09:51:45Z
1533655 DigiCert: Apple: Non-compliant Serial Numbers UNCONFIRMED certification_authority [ca-compliance] 2019-03-17T13:16:35Z
1533774 GoDaddy: Insufficient serial number entropy ASSIGNED Daymion Reynolds [ca-compliance] 2019-03-15T22:28:37Z
1534145 SSL.com: P-384 curve / ecdsa-with-SHA256 certificates ASSIGNED Fotis Loukos [ca-compliance] 2019-03-10T19:01:20Z
1534147 SSL.com: Insufficient serial number entropy ASSIGNED Fotis Loukos [ca-compliance] 2019-03-20T14:41:43Z
1534295 Actalis: Insufficient serial number entropy ASSIGNED ADRIANO SANTONI [ca-compliance] 2019-03-18T15:16:34Z
1534429 Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy ASSIGNED ca.forum [ca-compliance] 2019-03-12T14:35:11Z
1534535 QuoVadis / Siemens: Insufficient serial number entropy ASSIGNED Wayne Thayer [:wayne] [ca-compliance] 2019-03-12T20:09:21Z
1534580 DFN-PKI: 40 OV certificates with wrong ST ASSIGNED Jürgen Brauckmann [ca-compliance] 2019-03-16T23:32:20Z
1535509 HARICA: Insufficient serial number entropy ASSIGNED Dimitris Zacharopoulos [ca-compliance] - Next Update - 18-March 2019 2019-03-19T12:01:57Z
1535735 Entrust - Issued Certificates to incorrect Organization ASSIGNED Bruce Morton [ca-compliance] 2019-03-21T17:59:39Z
1535772 HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates ASSIGNED Dimitris Zacharopoulos [ca-compliance] 2019-03-16T22:22:32Z
1535869 Taiwan-CA: Invalid SAN Entries ASSIGNED Hao-Chun Li [ca-compliance] 2019-03-20T04:02:23Z
1535871 PKIoverheid: KPN Insufficient Serial Number Entropy NEW Jochem van den Berge [ca-compliance] 2019-03-19T17:23:37Z
1535873 GlobalSign: AT&T Insufficient Serial Number Entropy ASSIGNED douglas.beattie [ca-compliance] 2019-03-21T18:09:16Z
1536082 T-Systems: Insufficient serial number entropy UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2019-03-21T23:06:53Z
1536213 ACCV: Error serial number entropy UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2019-03-21T23:41:57Z
1536287 Entrust - AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue ASSIGNED Dathan Demone [ca-compliance] 2019-03-20T01:21:50Z
1536760 GlobalSign: Virginia Tech Insufficient Serial Number Entropy ASSIGNED douglas.beattie [ca-compliance] 2019-03-20T20:09:10Z
1536831 GDCA: Insufficient Serial Number Entropy UNCONFIRMED Wayne Thayer [:wayne] [ca-compliance] 2019-03-22T09:15:59Z

84 Total; 84 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: