CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to CA compliance bug includes providing an Incident Report in the bug.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1463975 GRCA: Misissued certificates: Invalid commonName, commonName not in SAN ASSIGNED National Development Council [ca-compliance] 2019-09-18T15:27:28Z
1468477 QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage ASSIGNED Stephen Davidson [ca-compliance] Next Update - 01-January 2020 2019-09-17T20:35:31Z
1496616 Consorci AOC: Qualified audit statements ASSIGNED Francesc Ferrer [ca-compliance] Next Update - 01-January 2020 2019-09-17T20:40:17Z
1502957 Camerfirma: MULTICERT Misissuance and missing audits ASSIGNED Juan Angel Martin [ca-compliance] 2019-10-20T10:21:48Z
1520299 Hongkong Post / Certizen: Failure to report misissuance ASSIGNED Man Ho [ca-compliance] 2019-10-23T03:15:40Z
1523221 GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions ASSIGNED National Development Council [ca-compliance] 2019-09-17T03:30:35Z
1524733 CFCA: invalid dnsNames ASSIGNED Jonathan Sun [ca-compliance] - Next Update - 1-October 2019 2019-08-11T00:26:26Z
1524815 GoDaddy: failure to revoke underscores ASSIGNED Joanna [ca-compliance] 2019-08-23T22:12:16Z
1532113 CFCA: O > 64 characters ASSIGNED Oliver Bi [ca-compliance] - Next Update - 01-August 2019 2019-09-20T03:29:53Z
1532333 Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate ASSIGNED Eusebio Herrera [ca-compliance] 2019-10-20T10:20:04Z
1532436 Chunghwa Telecom: Test certificate with unregistered domain name ASSIGNED Li-Chun CHEN [ca-compliance] - 14-October 2019 2019-07-15T15:12:07Z
1532559 CFCA: Wrong SerialNumber encoding ASSIGNED Jonathan Sun [ca-compliance] 2019-09-20T03:46:33Z
1533774 GoDaddy: Insufficient serial number entropy ASSIGNED Joanna [ca-compliance] 2019-08-03T02:01:17Z
1535871 PKIoverheid: KPN Insufficient Serial Number Entropy ASSIGNED Jochem van den Berge [ca-compliance] - Next Update - 01-December 2019 2019-11-05T02:29:51Z
1538638 Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy ASSIGNED chemalogo [ca-compliance] 2019-09-03T07:19:45Z
1548713 Sectigo: "Default City" in Subject:localityName ASSIGNED Robin Alden [ca-compliance] 2019-11-18T09:43:27Z
1549861 Camerfirma: Outdated audit statements for intermediate certs ASSIGNED Eusebio Herrera [ca-compliance] 2019-10-20T10:20:34Z
1549862 Entrust: Outdated audit statement for intermediate cert ASSIGNED Bruce Morton [ca-compliance] 2019-10-28T16:19:31Z
1550645 Digicert: CAA Checking Issue ASSIGNED Brenda Bernal [ca-compliance] 2019-11-12T00:39:46Z
1551362 Sectigo: "Some-State" in stateOrProvinceName ASSIGNED Robin Alden [ca-compliance] - Next Update - 31-July 2019 2019-11-18T09:43:12Z
1551372 Telia: "Some-State" in stateOrProvinceName ASSIGNED pekka.lahtiharju [ca-compliance] 2019-09-30T15:40:08Z
1556806 Camerfirma: Inforcert misissued certificates ASSIGNED Eusebio Herrera [ca-compliance] - Next Update - 01-October 2019 2019-10-09T17:57:52Z
1556906 DigiCert: Apple: Non-compliant Common Name Length ASSIGNED certification_authority [ca-compliance] - Next Update - 01-September 2019 2019-10-05T20:19:49Z
1556948 DigiCert Validation Scope Incident ASSIGNED Jeremy Rowley [ca-compliance] Next Update - 01-October 2019 2019-11-06T03:34:27Z
1558552 SwissSign: CP/CPS certificate profile issue ASSIGNED Mike Guenther [ca-compliance] - Next Update - 01-September 2019 2019-10-22T15:01:09Z
1559765 Izenpe: Multiple invalid EV certificates issued ASSIGNED o-garcia [ca-compliance] - Next Update - 01-December 2019 2019-07-17T07:24:51Z
1561013 Entrust: Certificate issued with validity greater than 825-days ASSIGNED Bruce Morton [ca-compliance] - Next Update - 01-December 2019 2019-10-17T23:47:31Z
1563573 DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days ASSIGNED Brenda Bernal [ca-compliance] 2019-11-14T04:00:13Z
1563579 Sectigo: Failure to provide timely incident reports ASSIGNED Robin Alden [ca-compliance] 2019-11-18T09:43:04Z
1565270 Telia: Qualified BR Audit Statement ASSIGNED pekka.lahtiharju [ca-compliance] 2019-10-02T00:29:30Z
1567061 GoDaddy: inconsistent disclosure of externally-operated intermediate ASSIGNED Joanna [ca-compliance] 2019-09-12T18:03:53Z
1567456 T-Systems: "Some-State" comparable issues ASSIGNED Arnold Essing [ca-compliance] Next Update - 30-November 2019 2019-08-12T12:20:43Z
1567588 D-TRUST: incorrectly formatted businessCategory entry ASSIGNED Enrico Entschew [ca-compliance] Next Update - 01-September 2019 2019-09-11T17:06:32Z
1568356 Trustcor: Incorrect CA-Issuers URI ASSIGNED Neil Dunbar [ca-compliance] 2019-08-29T07:27:21Z
1569651 SwissSign: Misissuance of Leaf Certificates because of incorrect postcode ASSIGNED Timo Schmitt [ca-compliance] 2019-08-27T12:15:45Z
1572234 GoDaddy: cross certificate disclosure to CCADB ASSIGNED Joanna [ca-compliance] 2019-09-10T18:41:45Z
1573937 DigiCert/Verizon: Qualified 2019 Audit Statements NEW Brenda Bernal [ca-compliance] - Next Update - 20-September 2019 2019-09-19T23:38:16Z
1575022 Sectigo: EV SSL Certificates with incorrect subject details. ASSIGNED Robin Alden [ca-compliance] 2019-11-18T09:42:55Z
1575530 Camerfirma: Govern d'Andorra audits ASSIGNED Juan Angel Martin [ca-compliance] - Next Update - 01-December 2019 2019-11-19T21:29:59Z
1575880 GlobalSign: SSL Certificates with US country code and invalid State/Prov ASSIGNED douglas.beattie [ca-compliance] 2019-10-25T23:06:27Z
1576013 DigiCert: JOI Issue ASSIGNED Jeremy Rowley [ca-compliance] 2019-11-12T01:11:54Z
1576283 QuoVadis: N/A in EV serialNumber field ASSIGNED Stephen Davidson [ca-compliance] 2019-11-15T15:54:50Z
1576789 Let’s Encrypt: 2019.08.20 Incident: Incorrect OCSP responses under certain conditions ASSIGNED Josh Aas [ca-compliance] 2019-09-17T20:34:09Z
1577913 GoDaddy: Issues with State and Country fields ASSIGNED Joanna [ca-compliance] 2019-10-03T01:07:03Z
1578505 LuxTrust: Outdated audit statement for intermediate cert NEW Yves Nullens [ca-compliance] - Overdue Audit for intermediate cert 2019-09-20T16:57:29Z
1579299 Asseco DS / Certum: non-audited intermediate certificate NEW Aleksandra Kapinos [ca-compliance] 2019-09-17T20:36:14Z
1580525 D-TRUST: Delayed revocation of EV certificates ASSIGNED Enrico Entschew [ca-compliance] 2019-11-01T08:37:04Z
1581183 Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3 ASSIGNED Andy Warner [ca-compliance] 2019-09-17T20:41:37Z
1581597 QuoVadis: Unconstrained CAs missing audits ASSIGNED Stephen Davidson [ca-compliance] 2019-10-31T18:34:37Z
1583470 Camerfirma: audit gap ASSIGNED Ana Lopes [ca-compliance] 2019-10-20T10:18:55Z
1586125 PKIoverheid: No BR Audit for subCAs technically capable of issuing TLS certs REOPENED Jorik van 't Hof [ca-compliance] - Next Update - 09-January-2020 2019-11-19T19:47:05Z
1586787 Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy ASSIGNED Giorgio Girelli [ca-compliance] 2019-10-22T10:17:35Z
1586795 NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy ASSIGNED Varga Viktor [ca-compliance] 2019-11-11T12:57:54Z
1586847 Microsoft: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy ASSIGNED Jason Cooper [ca-compliance] 2019-10-24T18:52:58Z
1586860 Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280 ASSIGNED Juan Angel Martin [ca-compliance] - Next Update - 20-November 2019 2019-11-18T18:26:29Z
1588001 Apple OCSP responders return responses with incorrect issuer ASSIGNED certification_authority [ca-compliance] 2019-11-14T22:38:24Z
1588213 IdenTrust: Missing Thumbprints In Some Annual Audit Reports ASSIGNED roots [ca-compliance] 2019-11-19T02:00:54Z
1589047 QuoVadis: Incorrect EV jurisdiction of incorporation information REOPENED Stephen Davidson [ca-compliance] 2019-11-14T19:42:53Z
1590723 Consorci AOC : Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9 UNCONFIRMED Francesc Ferrer [ca-compliance] 2019-10-23T14:37:17Z
1590810 Sectigo: EV SSL Certificates with incorrect businessCategory ASSIGNED Robin Alden [ca-compliance] 2019-11-18T09:42:45Z
1591005 GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report ASSIGNED Arvid Vermote [ca-compliance] 2019-11-19T06:30:55Z
1593357 QuoVadis: Incorrect EV businessCategory ASSIGNED Stephen Davidson [ca-compliance] 2019-11-14T17:54:57Z
1593776 Sectigo: invalid subject:organizationalUnitName on DV certificates ASSIGNED Robin Alden [ca-compliance] 2019-11-18T17:27:49Z
1593814 DigiCert: & character in a printableString in ICA ASSIGNED Jeremy Rowley [ca-compliance] 2019-11-12T16:28:49Z
1595113 Buypass: Intermediate certificates not listed in audit reports ASSIGNED Mads Henriksveen [ca-compliance] 2019-11-12T16:31:56Z
1595921 DigiCert: Domain validation skipped ASSIGNED Jeremy Rowley [ca-compliance] 2019-11-14T04:04:02Z
1596744 Izenpe: CA certificates not listed in audit report ASSIGNED o-garcia [ca-compliance] 2019-11-15T15:33:35Z
1596923 PKIoverheid: KPN CPS lacks problem reporting instructions ASSIGNED Jorik van 't Hof [ca-compliance] 2019-11-18T14:20:26Z
1596931 DigiCert: Verizon CPS lacks problem reporting instructions ASSIGNED Jeremy Rowley [ca-compliance] 2019-11-19T22:04:38Z
1596949 Government of Spain FNMT: CP/CPS lack CAA processing details UNCONFIRMED alain [ca-compliance] 2019-11-16T08:54:47Z
1597135 HARICA: 3 EV TLS Certificates without L or ST UNCONFIRMED Dimitris Zacharopoulos [ca-compliance] 2019-11-19T19:30:53Z

71 Total; 71 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: