Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
Whiteboard = [ca-compliance]

Full Query

ID	Summary	Status	Assigned to	Whiteboard	Last change time
1390990	D-TRUST: Non-BR-Compliant Certificate Issuance	NEW	Arno Fiedler	[ca-compliance]	2019-02-01T14:25:05Z
1448986	Entrust - IP Address in dNSName form	ASSIGNED	Bruce Morton	[ca-compliance] - Next Update - 01-April 2019	2019-01-17T14:59:02Z
1455137	T-Systems: Undisclosed Intermediate certificate	NEW	Bernd	[ca-compliance]	2019-02-06T16:09:50Z
1456655	DigiCert / ABB: Issues with DN, country code and keyUsage	ASSIGNED	Brenda Bernal	[ca-compliance] - Next Update - 10-April 2019	2019-02-20T01:42:05Z
1462423	NetLock: CN not in SAN	UNCONFIRMED	Varga Viktor	[ca-compliance]	2019-01-24T21:45:14Z
1463975	GRCA: Misissued certificates: Invalid commonName, commonName not in SAN	ASSIGNED	National Development Council	[ca-compliance]	2019-03-05T06:28:05Z
1468477	QuoVadis (Freistaat Bayern): Non-BR-compliant Key Usage	ASSIGNED	Stephen Davidson	[ca-compliance] Next Update - 01-January 2020	2019-01-16T21:46:15Z
1481862	Camerfirma: MULTICERT organizationName Too Long	REOPENED	Juan Angel Martin	[ca-compliance] Next Update - 14-February 2019	2019-02-14T19:24:46Z
1492006	Comodo: Failure to revoke within 24 hours	ASSIGNED	Robin Alden	[ca-compliance] Next Update - 24-January 2019	2019-02-22T18:39:26Z
1495497	KIR S.A.: Certificates issued with multiple BR violations	ASSIGNED	Piotr Grabowski	[ca-compliance]	2019-03-04T20:37:55Z
1495518	Assecco DS / Certum: Unallowed key usage for EC public key (Key Encipherment)	ASSIGNED	Wojciech Trapczyński	[ca-compliance] - Next Update - 01-July 2019	2019-01-17T15:00:50Z
1495524	Certinomis: Unqualified Domain Name in SAN	ASSIGNED	Marc MAITRE	[ca-compliance] - Next Update - 15-March 2019	2019-02-28T13:52:36Z
1496088	Certinomis: certificate for test.com, O=Entreprise TEST	ASSIGNED	Marc MAITRE	[ca-compliance] - Next Update - 13-March 2019	2019-02-20T17:15:39Z
1496616	Consorci: Qualified audit statements	ASSIGNED	Francesc Ferrer	[ca-compliance] Next Update - 01-January 2020	2019-01-09T18:53:55Z
1502957	Camerfirma: MULTICERT Misissuance and missing audits	ASSIGNED	Juan Angel Martin	[ca-compliance] - Next Update - 07-March 2019	2019-01-17T14:54:44Z
1503128	Certinomis: email address in DNS SAN	ASSIGNED	Marc MAITRE	[ca-compliance] - Next Update - 13-March 2019	2019-02-20T17:06:24Z
1506607	SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier	ASSIGNED	Mike Guenther	[ca-compliance] - Next Update - 01-April 2019	2019-02-22T16:40:33Z
1509002	Camerfirma: MULTICERT certificates with a validity period greater than 825 days	ASSIGNED	Eusebio Herrera	[ca-compliance] - Next Update - 01-April 2019	2019-02-14T16:06:21Z
1512018	Entrust: Certificate issued with '-' in ST field	ASSIGNED	Bruce Morton	[ca-compliance]	2019-02-04T15:45:42Z
1516599	DigiCert: Underscores - Ericsson	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-02-15T19:26:14Z
1517617	DigiCert: Underscores - Citi	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-01-31T14:58:06Z
1518553	Sectigo: Use of forbidden subjectPublicKeyInfo algorithm	ASSIGNED	Robin Alden	[ca-compliance] Next Update - 17-January 2019	2019-02-21T15:47:01Z
1519260	QuoVadis: Multiple unreported misissuances in 2018	ASSIGNED	Stephen Davidson	[ca-compliance] - Next Update - 01-July 2019	2019-01-17T14:58:04Z
1519572	DigiCert: Underscores - Intuit	ASSIGNED	Brenda Bernal	[ca-compliance] Next Update - 30-April 2019	2019-02-04T15:45:30Z
1520299	Hongkong Post / Certizen: Failure to report misissuance	ASSIGNED	Man Ho	[ca-compliance] - Next Update - 27-April 2019	2019-02-27T16:05:56Z
1521950	QuoVadis: BR Error - san dns name starts with period	ASSIGNED	Stephen Davidson	[ca-compliance]	2019-03-07T20:57:31Z
1522975	Google: Improper OCSP response for intermediate certificate	ASSIGNED	kluge	[ca-compliance]	2019-02-04T17:31:58Z
1523186	KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days	ASSIGNED	Piotr Grabowski	[ca-compliance] - Next Update - 03-March 2019	2019-03-04T19:50:39Z
1523221	GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions	ASSIGNED	National Development Council	[ca-compliance]	2019-03-17T02:20:07Z
1523676	DigiCert: Good OCSP Responses for Revoked Intermediates	ASSIGNED	Ben Wilson	[ca-compliance]	2019-02-22T16:41:27Z
1524050	Telia: Misissued certificate - invalid dnsName	ASSIGNED	pekka.lahtiharju	[ca-compliance] - Next Update - 01-March 2019	2019-02-27T14:04:33Z
1524094	Certinomis: invalid DNS names in SAN	ASSIGNED	Marc MAITRE	[ca-compliance]	2019-02-02T01:10:04Z
1524103	Certinomis: invalid state and locality fields in subject	ASSIGNED	Marc MAITRE	[ca-compliance]	2019-02-02T03:55:16Z
1524112	Certinomis: O=POUR TEST in subject	ASSIGNED	Marc MAITRE	[ca-compliance]	2019-03-05T18:07:03Z
1524143	CFCA: Internal iPAddress in certificate	UNCONFIRMED	Jonathan Sun	[ca-compliance] - Next Update - 01-March 2019	2019-03-04T21:22:05Z
1524195	Asseco DS / Certum: Invalid dnsNames	ASSIGNED	Wojciech Trapczyński	[ca-compliance]	2019-02-21T12:14:04Z
1524448	Certinomis: misissued "test" certificates	ASSIGNED	Marc MAITRE	[ca-compliance]	2019-02-26T17:57:55Z
1524449	Certinomis: validity period >825 days	ASSIGNED	Marc MAITRE	[ca-compliance]	2019-02-26T18:01:59Z
1524451	Certinomis: invalid CDP extension	ASSIGNED	Marc MAITRE	[ca-compliance] - Next Update - 15-March 2019	2019-02-20T18:15:12Z
1524452	SECOM: certificate for .test TLD	ASSIGNED	Hisashi Kamo	[ca-compliance] - Next Update - 01-April 2019	2019-02-21T22:33:00Z
1524567	Telia: invalid IP value in SAN DNS field	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-02-19T11:14:15Z
1524730	Sectigo: invalid dnsName	ASSIGNED	Robin Alden	[ca-compliance]	2019-02-21T01:43:37Z
1524733	CFCA: invalid dnsNames	UNCONFIRMED	Jonathan Sun	[ca-compliance]	2019-03-16T10:53:03Z
1524815	GoDaddy: failure to revoke underscores	ASSIGNED	Daymion Reynolds	[ca-compliance]	2019-02-14T03:13:13Z
1524871	Camerfirma: failure to revoke underscores	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-02-15T20:37:38Z
1524875	DigiCert: IP in dnsName	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-02-15T19:56:05Z
1526099	Identrust: Discrepancy in values of address fields within CN of SSL Certificates	ASSIGNED	roots	[ca-compliance]	2019-02-13T16:43:14Z
1526154	DigiCert: Missed Underscore Certificate Revocations	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-02-15T19:28:34Z
1527423	DigiCert: P-384,ecdsa-with-SHA512 Certificates	ASSIGNED	Brenda Bernal	[ca-compliance]	2019-03-08T20:44:41Z
1528259	Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-02-25T20:24:10Z
1528261	Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld)	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-02-25T20:24:41Z
1528263	Telia: Misissued certificate - Invalid wildcard format	ASSIGNED	pekka.lahtiharju	[ca-compliance] Next Update - 19-February 2019	2019-02-18T19:01:04Z
1528264	Telia: Misissued certificate - Invalid OU value "-"	ASSIGNED	pekka.lahtiharju	[ca-compliance]	2019-02-18T19:11:37Z
1530623	QuoVadis: IPaddress in DNSname SAN	ASSIGNED	Stephen Davidson	[ca-compliance] - Next Update - 20-March 2019	2019-03-07T22:30:29Z
1530718	T-Systems: Invalid SAN Entries	ASSIGNED	Bernd	[ca-compliance]	2019-03-06T10:05:25Z
1530971	Harica: P-384,ecdsa-with-SHA256 Certificates	ASSIGNED	Dimitris Zacharopoulos	[ca-compliance]	2019-03-07T20:08:00Z
1531800	QuoVadis: DarkMatter Insufficient Serial Number Entropy	ASSIGNED	Scott Rea	[ca-compliance]	2019-03-03T19:38:23Z
1531817	DigiCert: in-addr.arpa Misissuance	ASSIGNED	Jeremy Rowley	[ca-compliance]	2019-03-08T00:46:46Z
1532105	SECOM: CrossTrust: OU > 64 characters	ASSIGNED	Hisashi Kamo	[ca-compliance]	2019-03-08T02:22:45Z
1532113	CFCA: O > 64 characters	UNCONFIRMED	Jonathan Sun	[ca-compliance]	2019-03-04T18:30:33Z
1532333	Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate	ASSIGNED	Eusebio Herrera	[ca-compliance]	2019-03-12T20:20:16Z
1532429	CFCA: Invalid TLD in SAN	ASSIGNED	Jonathan Sun	[ca-compliance]	2019-03-04T21:10:14Z
1532436	Chunghwa Telecom: Test certificate with unregistered domain name	ASSIGNED	Li-Chun CHEN	[ca-compliance] - Next Update - 01-April 2019	2019-03-13T00:46:08Z
1532559	CFCA: Wrong SerialNumber encoding	UNCONFIRMED	Jonathan Sun	[ca-compliance]	2019-03-21T23:05:41Z
1532842	Google Trust Services: 63 bit serial numbers in some certificates	ASSIGNED	ryan_hurst	[ca-compliance] - Next Update - 01-April 2019	2019-03-13T09:51:45Z
1533655	DigiCert: Apple: Non-compliant Serial Numbers	UNCONFIRMED	certification_authority	[ca-compliance]	2019-03-17T13:16:35Z
1533774	GoDaddy: Insufficient serial number entropy	ASSIGNED	Daymion Reynolds	[ca-compliance]	2019-03-15T22:28:37Z
1534145	SSL.com: P-384 curve / ecdsa-with-SHA256 certificates	ASSIGNED	Fotis Loukos	[ca-compliance]	2019-03-10T19:01:20Z
1534147	SSL.com: Insufficient serial number entropy	ASSIGNED	Fotis Loukos	[ca-compliance]	2019-03-20T14:41:43Z
1534295	Actalis: Insufficient serial number entropy	ASSIGNED	ADRIANO SANTONI	[ca-compliance]	2019-03-18T15:16:34Z
1534429	Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy	ASSIGNED	ca.forum	[ca-compliance]	2019-03-12T14:35:11Z
1534535	QuoVadis / Siemens: Insufficient serial number entropy	ASSIGNED	Wayne Thayer [:wayne]	[ca-compliance]	2019-03-12T20:09:21Z
1534580	DFN-PKI: 40 OV certificates with wrong ST	ASSIGNED	Jürgen Brauckmann	[ca-compliance]	2019-03-16T23:32:20Z
1535509	HARICA: Insufficient serial number entropy	ASSIGNED	Dimitris Zacharopoulos	[ca-compliance] - Next Update - 18-March 2019	2019-03-19T12:01:57Z
1535735	Entrust - Issued Certificates to incorrect Organization	ASSIGNED	Bruce Morton	[ca-compliance]	2019-03-21T17:59:39Z
1535772	HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates	ASSIGNED	Dimitris Zacharopoulos	[ca-compliance]	2019-03-16T22:22:32Z
1535869	Taiwan-CA: Invalid SAN Entries	ASSIGNED	Hao-Chun Li	[ca-compliance]	2019-03-20T04:02:23Z
1535871	PKIoverheid: KPN Insufficient Serial Number Entropy	NEW	Jochem van den Berge	[ca-compliance]	2019-03-19T17:23:37Z
1535873	GlobalSign: AT&T Insufficient Serial Number Entropy	ASSIGNED	douglas.beattie	[ca-compliance]	2019-03-21T18:09:16Z
1536082	T-Systems: Insufficient serial number entropy	UNCONFIRMED	Wayne Thayer [:wayne]	[ca-compliance]	2019-03-21T23:06:53Z
1536213	ACCV: Error serial number entropy	UNCONFIRMED	Wayne Thayer [:wayne]	[ca-compliance]	2019-03-21T23:41:57Z
1536287	Entrust - AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue	ASSIGNED	Dathan Demone	[ca-compliance]	2019-03-20T01:21:50Z
1536760	GlobalSign: Virginia Tech Insufficient Serial Number Entropy	ASSIGNED	douglas.beattie	[ca-compliance]	2019-03-20T20:09:10Z
1536831	GDCA: Insufficient Serial Number Entropy	UNCONFIRMED	Wayne Thayer [:wayne]	[ca-compliance]	2019-03-22T09:15:59Z

84 Total; 84 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here:

https://wiki.mozilla.org/CA/Closed_Incidents

CA/Incident Dashboard

Contents

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

Closed CA Bugs

Closed CA Compliance Bugs

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools