CA/Incident Dashboard
Open CA Bugs in Bugzilla
There are three separate lists of open compliance bugs below:
- Compliance bugs (not including audit delays or leaf revocation delays)
- Audit Delays
- Leaf Revocation Delays
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or a CA/Browser Forum requirement, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=CA+Program&component=CA+Certificate+Compliance&version=other
- Whiteboard = [ca-compliance]
- If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| Actalis: Issuance of certificate using keys previously reported as compromised | 2012157 | ASSIGNED | Federica Marti | [ca-compliance] [dv-misissuance] | 2026-01-28T08:04:46Z | 2026-01-23T16:30:42Z |
| Amazon Trust Services: Additional CRL Characteristics Desired in CP/CPS | 2009525 | ASSIGNED | Aaron Poulsen (Amazon Trust Services) | [ca-compliance] [policy-failure] | 2026-02-02T22:18:08Z | 2026-01-09T23:48:27Z |
| Asseco DS / Certum: CRL URLs disclosed in CCADB do not exactly match the CRL URLs in certificates | 2007105 | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [disclosure-failure] Next update 2026-03-31 | 2026-01-16T18:32:55Z | 2025-12-19T13:32:26Z |
| Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #1 - Compliance auditing on support processes | 2005194 | ASSIGNED | Mads Henriksveen | [ca-compliance] [audit-finding] Next update 2026-02-15 | 2026-01-16T18:25:55Z | 2025-12-10T13:20:20Z |
| Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #2 - Supply chain policy | 2005196 | ASSIGNED | Mads Henriksveen | [ca-compliance] [audit-finding] Next update 2026-02-15 | 2026-01-22T15:48:12Z | 2025-12-10T13:22:48Z |
| Certigna: Failure to respond to CPR within 24 hours | 2004704 | ASSIGNED | Josselin Allemandou | [ca-compliance] [policy-failure] [external] Next update 2026-02-28 | 2026-02-03T09:10:26Z | 2025-12-08T14:16:42Z |
| CFCA: DV OCA caIssuers Returns PEM Encoded Certificate (RFC 5280 Section 4.2.2.1 Violation) | 2005399 | ASSIGNED | Michael | [ca-compliance] [policy-failure] | 2026-02-04T01:38:52Z | 2025-12-11T02:49:24Z |
| CFCA: EV Certificates misissued with incorrect businessCategory | 2006333 | ASSIGNED | Michael | [ca-compliance] [ev-misissuance] | 2026-02-02T16:59:18Z | 2025-12-16T12:59:00Z |
| CFCA: reporting delayed when handling incident bug #2005399 | 2009134 | ASSIGNED | Michael | [ca-compliance] [policy-failure] [disclosure-failure] | 2026-02-02T01:03:14Z | 2026-01-08T09:43:59Z |
| CFCA: reporting delayed when handling incident bug #2006333 | 2010525 | ASSIGNED | Michael | [ca-compliance] [policy-failure] | 2026-02-02T03:54:58Z | 2026-01-15T09:40:46Z |
| Chunghwa Telecom: Delayed disclosure to Bug 2008782 GTLSCA Audit Incident Report #1 - mass certificate revocation plan | 2009043 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] [disclosure-failure] | 2026-02-01T03:34:22Z | 2026-01-07T21:37:32Z |
| Chunghwa Telecom: Delayed disclosure to Bug 2008788 GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version | 2009045 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] [disclosure-failure] | 2026-02-01T03:44:44Z | 2026-01-07T21:41:18Z |
| Chunghwa Telecom: Delayed disclosure to Bug 2008799 GTLSCA Audit Incident Report #3 - Missing vulnerability scan | 2009046 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] [disclosure-failure] | 2026-02-01T03:50:44Z | 2026-01-07T21:46:03Z |
| Chunghwa Telecom: Delayed disclosure to Bug 2008803 GTLSCA Audit Incident Report #4 - Missing evaluation for third parties | 2009048 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] [disclosure-failure] | 2026-02-01T03:53:46Z | 2026-01-07T21:49:17Z |
| Chunghwa Telecom: Failure to respond to CPR within 24 hours | 2005762 | ASSIGNED | Tsung-Min Kuo | [close on 2026-02-05] [ca-compliance] [policy-failure] | 2026-01-29T15:38:45Z | 2025-12-12T15:10:14Z |
| Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #1 - mass certificate revocation plan | 2008782 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [audit-finding] | 2026-01-29T02:05:58Z | 2026-01-06T19:17:11Z |
| Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version | 2008788 | ASSIGNED | Tsung-Min Kuo | [close on 2026-02-10] [ca-compliance] [audit-finding] | 2026-02-03T15:41:15Z | 2026-01-06T19:38:32Z |
| Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #3 - Missing vulnerability scan | 2008799 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [audit-finding] | 2026-01-30T22:30:57Z | 2026-01-06T20:03:18Z |
| Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #4 - Missing evaluation for third parties | 2008803 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [audit-finding] | 2026-01-30T22:31:49Z | 2026-01-06T20:18:56Z |
| Chunghwa Telecom: Issuance of certificate using keys previously reported as compromised | 2012274 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [ov-misissuance] | 2026-02-04T13:24:35Z | 2026-01-24T10:43:56Z |
| D-Trust: CRL HTTP Media Type | 2012511 | ASSIGNED | Ana Laura Martorano | [ca-compliance] [crl-failure] | 2026-01-29T14:11:40Z | 2026-01-26T16:16:11Z |
| D-Trust: CRL URL Disclosure | 2007116 | ASSIGNED | Ana Laura Martorano | [ca-compliance] [disclosure-failure] | 2026-02-02T15:46:18Z | 2025-12-19T14:22:17Z |
| D-Trust: CRLs of CAs issuing CA certificates exceed the maximum validity period | 2010600 | ASSIGNED | Ana Laura Martorano | [ca-compliance] [crl-failure] | 2026-02-04T15:15:55Z | 2026-01-15T15:25:29Z |
| D-Trust: Expired certificate provided on the CA TLS test website for demonstration of valid certificates | 2009149 | ASSIGNED | Ana Laura Martorano | [ca-compliance] [policy-failure] | 2026-02-01T12:03:22Z | 2026-01-08T12:14:02Z |
| DigiCert: Issues with CCADB entries | 2013375 | ASSIGNED | DigiCert | [ca-compliance] | 2026-02-03T21:53:28Z | 2026-01-29T19:23:51Z |
| DigiCert: Several non-functioning AIA URLs | 2009491 | ASSIGNED | DigiCert | [ca-compliance] [policy-failure] | 2026-02-02T20:34:49Z | 2026-01-09T21:29:04Z |
| DigiCert: Some certificates issued with CRLDPs that don’t exactly match CCADB disclosures | 2007219 | ASSIGNED | DigiCert | [ca-compliance] [disclosure failure] Next update 2026-02-02 | 2026-02-02T20:35:26Z | 2025-12-20T00:36:17Z |
| Disig: Certificates with invalid embedded SCT signature | 2007132 | ASSIGNED | Jozef Nigut | [close on 2026-02-10] [ca-compliance] [uncategorized] | 2026-02-04T07:26:20Z | 2025-12-19T16:20:44Z |
| eMudhra emSign PKI Services: CRL URL Mismatch Between CCADB Disclosure and Issued Certificates | 2007297 | ASSIGNED | Naveen Kumar ML | [ca-compliance] [disclosure failure] | 2026-01-28T10:44:03Z | 2025-12-21T12:56:39Z |
| Financijska agencija (Fina): Mis-issued certificates | 1986968 | ASSIGNED | miroslav.perincic | [ca-compliance] [dv-misissuance] | 2026-01-30T05:00:53Z | 2025-09-04T16:47:06Z |
| Firmaprofesional: Misissuance of TLS Subordinate CA "AC Firmaprofesional - Secure Web 2024" | 2009941 | ASSIGNED | ext-antoni.camon | [ca-compliance] [ca-misissuance] | 2026-02-03T11:46:39Z | 2026-01-13T10:59:12Z |
| FNMT: Issuance of certificate using keys previously reported as compromised | 2012326 | ASSIGNED | Amaya Espinosa | [ca-compliance] [ev-misissuance] | 2026-02-02T22:04:39Z | 2026-01-25T10:34:37Z |
| GlobalSign: misalignment of CRL URL in CCADB with issued certificates | 2007098 | ASSIGNED | Christophe Bonjean | [ca-compliance] [disclosure-failure] | 2026-01-29T15:46:09Z | 2025-12-19T13:00:22Z |
| GoDaddy: CA Certificates Published in PEM format | 2004845 | ASSIGNED | Steven Deitte | [ca-compliance] [policy-failure] | 2026-01-30T16:55:57Z | 2025-12-09T01:00:32Z |
| GoDaddy: CRL Disclosure in CCADB Mismatch with Issued Certificates | 2007216 | ASSIGNED | Steven Deitte | [ca-compliance] [disclosure failure] | 2026-01-27T18:49:42Z | 2025-12-20T00:13:07Z |
| GoDaddy: Partitioned CRL files missing Issuing Distribution Point | 2007217 | ASSIGNED | Steven Deitte | [ca-compliance] [disclosure failure] Next update 2026-02-20 | 2026-01-29T14:56:46Z | 2025-12-20T00:15:11Z |
| IdenTrust: CA Certificate not published in DER Encoded Format | 2004492 | ASSIGNED | IdenTrust | [Close on 2026-02-05] [ca-compliance] [policy-failure] | 2026-01-29T15:04:42Z | 2025-12-05T23:02:09Z |
| iTrusChina: Finding in Routine WebTrust Audit - Domain validation records without the TLS BR version | 2013805 | ASSIGNED | iTrusChina Co.,Ltd. | [ca-compliance] [audit-finding] | 2026-02-02T21:48:47Z | 2026-02-02T02:51:31Z |
| Microsec: "DV valid" test website certificate issued under incorrect root | 2013576 | ASSIGNED | dr. Sándor SZŐKE | [ca-compliance] [policy-failure] | 2026-01-30T23:28:52Z | 2026-01-30T16:02:10Z |
| Microsec: CT Logging mistakes | 2005939 | ASSIGNED | dr. Sándor SZŐKE | [ca-compliance] [uncategorized] | 2026-01-29T15:26:58Z | 2025-12-14T14:45:10Z |
| Microsoft PKI Services: Improper Disclosure of CRL | 2007221 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [disclosure failure] | 2026-01-30T21:00:46Z | 2025-12-20T00:39:37Z |
| Microsoft PKI Services: Improper Disclosure of CRLs – Does Not Match CA Subject | 2009543 | ASSIGNED | Microsoft PKI Services | [close on 2026-02-06] [ca-compliance] [disclosure-failure] | 2026-01-30T23:15:06Z | 2026-01-10T01:14:19Z |
| Microsoft PKI Services: Improper Disclosure of CRLs – IDP – Existing CAs | 2009539 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [disclosure-failure] | 2026-01-30T22:34:00Z | 2026-01-10T01:09:51Z |
| Microsoft PKI Services: Improper Disclosure of CRLs – IDP – New CAs | 2009542 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [disclosure-failure] | 2026-01-30T23:00:50Z | 2026-01-10T01:13:09Z |
| Microsoft PKI Services: Improper Disclosure of CRLs – Protocol Scheme | 2009545 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [disclosure-failure] | 2026-01-30T22:52:23Z | 2026-01-10T01:15:03Z |
| Microsoft PKI Services: Policy document bug | 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2026-01-30T20:54:55Z | 2025-04-26T02:10:29Z |
| Microsoft PKI Services: Sample Site Certificates expired | 2008847 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2026-01-30T21:29:45Z | 2026-01-06T22:37:42Z |
| Microsoft PKI Services: Failure to report within 72 hrs - Sample Site Certs Expired | 2009541 | ASSIGNED | Microsoft PKI Services | [close on 2026-02-10] [ca-compliance] [policy-failure] | 2026-02-04T03:38:19Z | 2026-01-10T01:10:57Z |
| Microsoft PKI Services: OCSP Non-Compliance | 1999850 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [ocsp-failure] Next update 2026-02-20 | 2025-12-29T22:08:57Z | 2025-11-13T01:29:14Z |
| NAVER Cloud Trust Services: Encoding non-conformity in SCT extensions | 2006711 | ASSIGNED | Hogeun Yoo | [ca-compliance] [uncategorized] | 2026-02-04T13:02:36Z | 2025-12-17T18:26:21Z |
| Netlock: CA in AIA in PEM format | 2004699 | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-02-02T20:21:02Z | 2025-12-08T13:50:23Z |
| NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe | 2013400 | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-01-29T21:44:28Z | 2026-01-29T20:56:39Z |
| NETLOCK: Full Incident Report was not published within 14 days of notification | 2007948 | ASSIGNED | Roland | [ca-compliance] [disclosure failure] | 2026-02-02T21:35:31Z | 2025-12-29T20:30:46Z |
| NETLOCK: Missing Related Incidents section in the bug report | 2013395 | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-01-29T21:45:21Z | 2026-01-29T20:50:07Z |
| Netlock: unspecified revocation code (0) in CRL | 2011314 | ASSIGNED | Roland | [ca-compliance] [crl-failure] | 2026-02-02T21:28:01Z | 2026-01-19T21:40:56Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #1 – Document Management | 2008021 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:27:01Z | 2025-12-30T15:16:26Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #2 – Supply Chain Management | 2008023 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2026-01-30T17:14:09Z | 2025-12-30T15:17:55Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #3 – Asset Management | 2008024 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:26:02Z | 2025-12-30T15:19:04Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #4 – Incident Management | 2008025 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:25:01Z | 2025-12-30T15:19:59Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #5 – Risk Management | 2008026 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:24:12Z | 2025-12-30T15:22:03Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #6 – Access Control Management | 2008027 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:23:25Z | 2025-12-30T15:22:47Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #7 – Change Management | 2008028 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2026-01-30T17:14:35Z | 2025-12-30T15:23:57Z |
| PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #8 – Human Resources Management | 2008029 | ASSIGNED | Policy Authority PKIoverheid | [close on 2026-02-06] [ca-compliance] [audit-finding] | 2026-01-30T23:22:41Z | 2025-12-30T15:24:58Z |
| PKIoverheid: TSP Cleverbase Findings in 2025 ETSI Audit - Incident Report #1 – Incorrect issuer CA listed in CPS | 1985816 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] Next update 2026-04-14 | 2026-01-27T15:16:50Z | 2025-08-28T15:39:28Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit | 1983263 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2026-01-27T14:55:50Z | 2025-08-15T14:05:23Z |
| PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management | 1983267 | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] Next update 2026-03-20 | 2026-01-27T15:16:07Z | 2025-08-15T14:09:40Z |
| SECOM: Invalid stateOrProvinceName | 2004654 | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [ov-misissuance] | 2026-02-04T06:12:55Z | 2025-12-08T10:09:35Z |
| SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ) | 2007070 | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [ov-misissuance] | 2026-01-30T06:19:21Z | 2025-12-19T08:01:55Z |
| Sectigo: Inaccuracy of CCADB-Disclosed URL for eIDAS CP/CPS | 2010885 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [disclosure-failure] | 2026-01-30T13:42:16Z | 2026-01-16T16:07:58Z |
| SHECA: subordinate certificates have not published the complete CRL address in CCADB | 2007089 | ASSIGNED | SHECA | [ca-compliance] [disclosure-failure] | 2026-02-02T08:57:29Z | 2025-12-19T11:06:11Z |
| SHECA: TLS certificate key generation online | 1993357 | ASSIGNED | SHECA | [ca-compliance] [dv-misissuance] [ov-misissuance] Next update 2026-02-28 | 2026-01-30T23:31:09Z | 2025-10-08T19:46:26Z |
| SwissSign: recommendation on backup testing | 1990272 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:09Z | 2025-09-23T17:06:29Z |
| SwissSign: recommendation on BIA/BCP review | 1990263 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:27Z | 2025-09-23T16:53:15Z |
| SwissSign: recommendation on BIA/BCP test coverage | 1990266 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:38Z | 2025-09-23T16:55:40Z |
| SwissSign: recommendation on CA-specific risk assessment | 1990277 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:51Z | 2025-09-23T17:08:41Z |
| SwissSign: recommendation on document release dual control | 1990269 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:48Z | 2025-09-23T17:03:05Z |
| SwissSign: recommendation on evaluation of cloud service providers | 1990276 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:39Z | 2025-09-23T17:08:11Z |
| SwissSign: recommendation on firewall review | 1990271 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:54Z | 2025-09-23T17:05:31Z |
| SwissSign: recommendation on linting software updates | 1990282 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-11-03T08:50:16Z | 2025-09-23T17:12:55Z |
| SwissSign: recommendation on log review process | 1990285 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:54:20Z | 2025-09-23T17:14:00Z |
| SwissSign: recommendation on publication process for CA related data | 1990275 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:27Z | 2025-09-23T17:07:40Z |
| SwissSign: recommendation on review of key pair generation implementation | 1990284 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:53:56Z | 2025-09-23T17:13:29Z |
| SwissSign: recommendation on risk assessment | 1990254 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:50:25Z | 2025-09-23T16:08:48Z |
| SwissSign: recommendation on self-assessment tool | 1990281 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:53:00Z | 2025-09-23T17:12:19Z |
| SwissSign: recommendation on synchronization of staging and production environments | 1990274 | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:18Z | 2025-09-23T17:07:10Z |
| Telekom Security / DFN: CRL of “DFN-Verein Certification Authority 2“ contains empty revoked certificate list | 2011238 | ASSIGNED | Stefan Kirch | [ca-compliance] [crl-failure] | 2026-01-30T08:14:37Z | 2026-01-19T15:10:05Z |
| Telia: Incorrect CRL URL on a Root CA record in CCADB | 2012934 | ASSIGNED | Antti Backman | [ca-compliance] [disclosure-failure] | 2026-02-04T05:05:22Z | 2026-01-28T06:13:14Z |
| Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile | 2012101 | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] | 2026-02-02T19:28:15Z | 2026-01-23T12:25:35Z |
| TrustAsia: ACME Authorization Reuse Non-Compliance | 2011713 | ASSIGNED | TrustAsia | [ca-compliance] [dv-misissuance] | 2026-02-04T06:06:33Z | 2026-01-21T17:12:29Z |
| TrustAsia: SSL DV Mis-issuance against CP/CPS (IPAddress) | 2011865 | ASSIGNED | TrustAsia | [ca-compliance] [dv-misissuance] | 2026-02-04T12:39:13Z | 2026-01-22T12:50:09Z |
| VikingCloud: CP/CPS and SecureTrust Root transition intermediate timing issue | 2012629 | ASSIGNED | VikingCloud CA | [ca-compliance] [policy-failure] | 2026-02-04T00:07:26Z | 2026-01-27T00:22:25Z |
91 Total; 91 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Audit Delays
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.
- Whiteboard = [ca-compliance][audit-delay]
- For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| Chunghwa Telecom: Delayed audit disclosure for GTLSCA | 2008260 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [audit-delay] | 2026-01-30T22:28:02Z | 2025-12-31T19:54:11Z |
| D-Trust: Delayed publication of audit attestation letters in the CCADB | 2011430 | ASSIGNED | Ana Laura Martorano | [ca-compliance] [audit-delay] | 2026-02-03T14:04:36Z | 2026-01-20T14:51:29Z |
2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Revocation Delays
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| [meta] Delayed Revocation | 1911183 | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z | 2024-08-01T20:05:04Z |
| Firmaprofesional: Delayed revocation of TLS certificates affected by bug #2009941 | 2011855 | ASSIGNED | ext-antoni.camon | [ca-compliance] [leaf-revocation-delay] [ca-revocation-delay] | 2026-01-27T15:40:10Z | 2026-01-22T12:13:47Z |
| Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | 1965612 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2026-02-03T16:31:25Z | 2025-05-10T01:34:01Z |
| SHECA: Delayed revocation of TLS certificates affected by bug #1993357 | 1994051 | ASSIGNED | SHECA | [ca-compliance] [leaf-revocation-delay] Next update 2026-02-28 | 2026-01-30T23:31:36Z | 2025-10-13T18:23:58Z |
4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: