CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1456655 DigiCert / ABB: Issues with DN, country code and keyUsage ASSIGNED Brenda Bernal [ca-compliance] - Next Update - 20-May 2019 2019-04-19T16:57:19Z
1462423 NetLock: CN not in SAN ASSIGNED Varga Viktor [ca-compliance] Next Update - 1-June-2019 2019-03-29T16:53:30Z
1463975 GRCA: Misissued certificates: Invalid commonName, commonName not in SAN ASSIGNED National Development Council [ca-compliance] 2019-03-05T06:28:05Z
1468477 QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage ASSIGNED Stephen Davidson [ca-compliance] Next Update - 01-January 2020 2019-01-16T21:46:15Z
1492006 Comodo: Failure to revoke within 24 hours ASSIGNED Robin Alden [ca-compliance] Next Update - 24-January 2019 2019-02-22T18:39:26Z
1495497 KIR S.A.: Certificates issued with multiple BR violations ASSIGNED Piotr Grabowski [ca-compliance] 2019-03-04T20:37:55Z
1495518 Assecco DS / Certum: Unallowed key usage for EC public key (Key Encipherment) ASSIGNED Wojciech Trapczyński [ca-compliance] - Next Update - 01-July 2019 2019-01-17T15:00:50Z
1496616 Consorci: Qualified audit statements ASSIGNED Francesc Ferrer [ca-compliance] Next Update - 01-January 2020 2019-01-09T18:53:55Z
1502957 Camerfirma: MULTICERT Misissuance and missing audits ASSIGNED Juan Angel Martin [ca-compliance] - Next Update - 07-March 2019 2019-01-17T14:54:44Z
1518553 Sectigo: Use of forbidden subjectPublicKeyInfo algorithm ASSIGNED Robin Alden [ca-compliance] Next Update - 17-January 2019 2019-02-21T15:47:01Z
1520299 Hongkong Post / Certizen: Failure to report misissuance ASSIGNED Man Ho [ca-compliance] - Next Update - 27-April 2019 2019-02-27T16:05:56Z
1522975 Google: Improper OCSP response for intermediate certificate ASSIGNED kluge [ca-compliance] 2019-02-04T17:31:58Z
1523186 KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days ASSIGNED Piotr Grabowski [ca-compliance] - Next Update - 03-March 2019 2019-03-04T19:50:39Z
1523221 GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions ASSIGNED National Development Council [ca-compliance] 2019-03-17T02:20:07Z
1524050 Telia: Misissued certificate - invalid dnsName ASSIGNED pekka.lahtiharju [ca-compliance] - Next Update - 01-March 2019 2019-02-27T14:04:33Z
1524195 Asseco DS / Certum: Invalid dnsNames ASSIGNED Wojciech Trapczyński [ca-compliance] 2019-02-21T12:14:04Z
1524567 Telia: invalid IP value in SAN DNS field ASSIGNED pekka.lahtiharju [ca-compliance] 2019-02-19T11:14:15Z
1524730 Sectigo: invalid dnsName ASSIGNED Robin Alden [ca-compliance] 2019-02-21T01:43:37Z
1524733 CFCA: invalid dnsNames ASSIGNED Jonathan Sun [ca-compliance] 2019-04-03T11:10:38Z
1524815 GoDaddy: failure to revoke underscores ASSIGNED Joanna [ca-compliance] 2019-05-14T21:48:37Z
1524871 Camerfirma: failure to revoke underscores ASSIGNED Eusebio Herrera [ca-compliance] 2019-02-15T20:37:38Z
1526099 Identrust: Discrepancy in values of address fields within CN of SSL Certificates ASSIGNED roots [ca-compliance] 2019-02-13T16:43:14Z
1527423 DigiCert: P-384,ecdsa-with-SHA512 Certificates ASSIGNED Brenda Bernal [ca-compliance] 2019-03-08T20:44:41Z
1528259 Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field ASSIGNED pekka.lahtiharju [ca-compliance] 2019-04-30T18:20:51Z
1528261 Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld) ASSIGNED pekka.lahtiharju [ca-compliance] 2019-04-30T18:20:51Z
1528263 Telia: Misissued certificate - Invalid wildcard format ASSIGNED pekka.lahtiharju [ca-compliance] Next Update - 19-February 2019 2019-04-30T18:20:52Z
1528264 Telia: Misissued certificate - Invalid OU value "-" ASSIGNED pekka.lahtiharju [ca-compliance] 2019-04-30T18:20:51Z
1530718 T-Systems: Invalid SAN Entries ASSIGNED Arnold Essing [ca-compliance] 2019-05-15T17:48:54Z
1531817 DigiCert: in-addr.arpa Misissuance ASSIGNED Jeremy Rowley [ca-compliance] 2019-03-08T00:46:46Z
1532105 SECOM: CrossTrust: OU > 64 characters ASSIGNED Hisashi Kamo [ca-compliance] 2019-03-28T12:12:59Z
1532113 CFCA: O > 64 characters ASSIGNED Jonathan Sun [ca-compliance] 2019-03-28T23:53:24Z
1532333 Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate ASSIGNED Eusebio Herrera [ca-compliance] 2019-04-06T20:30:26Z
1532429 CFCA: Invalid TLD in SAN ASSIGNED Jonathan Sun [ca-compliance] 2019-03-04T21:10:14Z
1532436 Chunghwa Telecom: Test certificate with unregistered domain name ASSIGNED Li-Chun CHEN [ca-compliance] - Next Update - 01-June 2019 2019-03-30T14:29:47Z
1532559 CFCA: Wrong SerialNumber encoding ASSIGNED Jonathan Sun [ca-compliance] 2019-03-23T21:17:13Z
1532842 Google Trust Services: 63 bit serial numbers in some certificates ASSIGNED ryan_hurst [ca-compliance] - Next Update - 01-April 2019 2019-03-13T09:51:45Z
1533655 DigiCert: Apple: Non-compliant Serial Numbers ASSIGNED certification_authority [ca-compliance] - Next Update - 19-July 2019 2019-05-03T23:14:31Z
1533774 GoDaddy: Insufficient serial number entropy ASSIGNED Joanna [ca-compliance] 2019-05-14T21:54:24Z
1534295 Actalis: Insufficient serial number entropy ASSIGNED ADRIANO SANTONI [ca-compliance] - Next Update - 01-July 2019 2019-05-23T17:59:23Z
1534429 Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy ASSIGNED ca.forum [ca-compliance] 2019-03-12T14:35:11Z
1534580 DFN-PKI: 40 OV certificates with wrong ST ASSIGNED Jürgen Brauckmann [ca-compliance] 2019-03-16T23:32:20Z
1535735 Entrust - Issued Certificates to incorrect Organization ASSIGNED Dathan Demone [ca-compliance] 2019-04-02T18:46:02Z
1535869 Taiwan-CA: Invalid SAN Entries ASSIGNED Hao-Chun Li [ca-compliance] - Next Update - 01-July 2019 2019-03-28T01:22:58Z
1535871 PKIoverheid: KPN Insufficient Serial Number Entropy ASSIGNED Jochem van den Berge [ca-compliance] 2019-04-03T08:57:28Z
1536082 T-Systems: Insufficient serial number entropy ASSIGNED Arnold Essing [ca-compliance] - Next Update - 10-July 2019 2019-04-03T14:05:28Z
1536213 ACCV: Insufficient serial number entropy ASSIGNED Jose Amador [ca-compliance] 2019-03-25T16:45:59Z
1536831 GDCA: Insufficient Serial Number Entropy ASSIGNED capoc [ca-compliance] - Next Update - 01-April 2019 2019-04-01T08:31:18Z
1538638 Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy ASSIGNED chemalogo [ca-compliance] 2019-03-27T18:25:39Z
1539296 Digicert: KPN Outdated Audit ASSIGNED Brenda Bernal [ca-compliance] - Next Update - 01-June 2019 2019-04-19T16:44:16Z
1539307 Buypass: Insufficient Serial Number Entropy ASSIGNED Mads Henriksveen [ca-compliance] - Next Update - 1-July 2019 2019-05-15T23:38:38Z
1540315 QuoVadis: LLB insufficient Serial Number Entropy ASSIGNED Stephen Davidson [ca-compliance] 2019-05-08T17:17:42Z
1540961 Atos: Insufficient Serial Number Entropy ASSIGNED michael.schwieters [ca-compliance] - Next Update - 01-June 2019 2019-04-26T16:19:58Z
1542082 Identrust: Failure to disclose Unconstrained intermediate Within 7 Days ASSIGNED roots [ca-compliance] 2019-05-01T00:18:45Z
1544586 Government of Spain FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc. ASSIGNED alain [ca-compliance] 2019-05-01T23:34:05Z
1544712 SECOM: certificate for which “OU=-” ASSIGNED Hisashi Kamo [ca-compliance] 2019-04-26T10:09:00Z
1544722 SECOM: certificate for which “L” and “ST” not set ASSIGNED Hisashi Kamo [ca-compliance] - Next Update - 01-June 2019 2019-04-30T20:49:46Z
1545208 Sectigo: Missing Changelog in CPS ASSIGNED Robin Alden [ca-compliance] 2019-04-17T19:08:11Z
1546253 GDCA: Authentication of Organization Identity Failure for an OV Certificate ASSIGNED capoc [ca-compliance] 2019-04-30T18:20:51Z
1546776 SecureTrust: Unvalidated domain in certificate ASSIGNED fcorday [ca-compliance] 2019-04-30T18:20:52Z
1547691 GlobalSign: AT&T SSL certificates without the AIA extension ASSIGNED douglas.beattie [ca-compliance] - Next Update - 01-August 2019 2019-05-10T13:23:08Z
1548713 Sectigo: "Default City" in Subject:localityName ASSIGNED Robin Alden [ca-compliance] 2019-05-08T15:48:09Z
1548714 SECOM: "Default City" in Subject:localityName ASSIGNED Hisashi Kamo [ca-compliance] - Next Update - 01-July 2019 2019-05-23T18:12:14Z
1548719 DigiCert: Revoked intermediate certificates not in CRL NEW Stephen Davidson [ca-compliance] CRL 2019-05-22T12:37:14Z
1548720 SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl ASSIGNED Chris Kemmerer [ca-compliance] CRL - pending Incident Report 2019-05-07T07:59:05Z
1549861 Camerfirma: Outdated audit statements for intermediate certs NEW Eusebio Herrera [ca-compliance] 2019-05-10T09:29:51Z
1549862 Entrust: Outdated audit statement for intermediate cert NEW Bruce Morton [ca-compliance] 2019-05-10T14:24:39Z
1550575 Asseco DS / Certum: commonName not from subjectAltName entries ASSIGNED Wojciech Trapczyński [ca-compliance] - Next Update - 01-June 2019 2019-05-20T04:49:38Z
1550645 Digicert: CAA Checking Issue ASSIGNED Brenda Bernal [ca-compliance] 2019-05-17T22:54:33Z
1551362 Sectigo: "Some-State" in stateOrProvinceName ASSIGNED Robin Alden [ca-compliance] 2019-05-14T01:17:01Z
1551363 DigiCert: "Some-State" in stateOrProvinceName ASSIGNED Brenda Bernal [ca-compliance] 2019-05-18T00:23:40Z
1551364 SwissSign: "Some-State" in stateOrProvinceName ASSIGNED Timo Schmitt [ca-compliance] 2019-05-17T13:58:08Z
1551369 Kamu SM: "Some-State" in stateOrProvinceName ASSIGNED Melis Şimşek [ca-compliance] 2019-05-20T15:06:04Z
1551371 T-Systems: "Some-State" in stateOrProvinceName ASSIGNED Arnold Essing [ca-compliance] - Next Update - 04-July 2019 2019-05-23T18:11:15Z
1551372 Telia: "Some-State" in stateOrProvinceName ASSIGNED pekka.lahtiharju [ca-compliance] 2019-05-22T06:10:41Z
1551374 SecureTrust: "Some-State" in stateOrProvinceName ASSIGNED fcorday [ca-compliance] - Next Update - 10-June 2019 2019-05-17T18:29:06Z
1551375 certSIGN: "Some-State" in stateOrProvinceName ASSIGNED Cristian Garabet [ca-compliance] 2019-05-14T01:20:22Z
1552562 Entrust: Question marks in certificate O and L fields ASSIGNED Bruce Morton [ca-compliance] 2019-05-17T20:09:26Z
1552586 GlobalSign: 4 Misissued certificates with invalid CN ASSIGNED douglas.beattie [ca-compliance] 2019-05-23T18:25:46Z

78 Total; 78 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: