CA/Incident Dashboard
< CA
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1885568 | VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] Next update 2025-07-15 | 2025-06-03T17:09:45Z |
| 1904041 | NETLOCK: Intermediate CA Certificate not disclosed to CCADB | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [disclosure-failure] | 2025-06-06T13:19:08Z |
| 1910805 | DigiCert: Delayed revocation of 1910322 | ASSIGNED | DigiCert | [close on 2025-06-10] [ca-compliance] [leaf-revocation-delay] | 2025-06-06T20:15:03Z |
| 1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2024-11-20T16:01:15Z |
| 1911335 | PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2025-06-04T20:38:46Z |
| 1924385 | D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714 | ASSIGNED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] Next update 2025-06-30 | 2025-06-02T14:31:56Z |
| 1925106 | DigiCert: Incorrect CP listed in CCADB | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] Next update 2025-07-01 | 2025-06-06T19:56:27Z |
| 1927532 | SSL.com: Issuance of certificates using keys previously reported as compromised | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] Next update 2025-06-13 | 2025-05-30T19:26:48Z |
| 1929189 | SwissSign: S/MIME certificates deviate from CPR | ASSIGNED | Mike Guenther | [ca-compliance] [smime-misissuance] Next update 2025-06-17 | 2025-05-28T17:24:27Z |
| 1938167 | NETLOCK: CRL not published in DER Encoded Format | ASSIGNED | Nikolett | [close on 2025-06-10] [ca-compliance] [crl-failure] | 2025-06-03T14:57:41Z |
| 1940957 | Telia: TLS OV certificate with subject countryName and localityName mismatch | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] Next update 2025-06-13 | 2025-05-23T16:15:36Z |
| 1947691 | NETLOCK: Bug 1891331 replacement - delayed revocation - | ASSIGNED | Nikolett | [ca-compliance] [leaf-revocation-delay] | 2025-06-06T13:29:17Z |
| 1948600 | IZENPE: Outdated CPS for Izenpe Root | ASSIGNED | David | [ca-compliance] [disclosure-failure] | 2025-05-30T12:34:54Z |
| 1950574 | SECOM: S/MIME CA Modified Opinion Report of Cybertrust Japan (CTJ) | ASSIGNED | ONO Fumiaki | [ca-compliance] [audit-finding] Next update 2025-09-01 | 2025-02-28T15:35:46Z |
| 1952635 | Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits | ASSIGNED | Bruce Morton | [ca-compliance] [audit-failure] Next update 2025-06-02 | 2025-06-02T17:12:45Z |
| 1955721 | Let's Encrypt: Failure to Document Analysis of Detected Vulnerabilities | ASSIGNED | Phil Porada | [close on 2025-06-10] [ca-compliance] [policy-failure] | 2025-06-03T16:56:33Z |
| 1957140 | SSL.com: "unknown" OCSP response for issued certificates | ASSIGNED | SSL.com | [ca-compliance] [ocsp-failure] Next update 2025-06-12 | 2025-05-29T22:02:12Z |
| 1957474 | Netlock: Failure to Provide Weekly Updates | ASSIGNED | Nikolett | [close on 2025-06-10] [ca-compliance] [policy-failure] [external] | 2025-06-03T14:44:16Z |
| 1957499 | DigiCert: Persistent failure to answer questions in a timely manner | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] [external] | 2025-06-05T20:00:20Z |
| 1958645 | Asseco DS / Certum: DNS service outage | ASSIGNED | Kateryna Aleksieieva | [close on 2025-06-10] [ca-compliance] [uncategorized] | 2025-06-03T14:40:13Z |
| 1959278 | Chunghwa Telecom: Delayed revocation for bug 1951415 | ASSIGNED | Tsung-Min Kuo | [close on 2025-06-10] [ca-compliance] [leaf-revocation-delay] | 2025-06-03T14:46:51Z |
| 1959721 | Lawtrust: The S/MIME CA’s policy identifiers did not align with the CA/Browser Forum Requirements. | ASSIGNED | Marcile De Waal | [close on 2025-06-12] [ca-compliance] [policy-failure] | 2025-06-05T15:38:28Z |
| 1959733 | CFCA: Failed to respond a Certificate Problem Report within 24 hours which violates Section 4.9.5 of the TLS BRs | ASSIGNED | Michael | [ca-compliance] [policy-failure] Next update 2025-06-30 | 2025-05-25T18:34:57Z |
| 1959867 | Google Trust Services: Inconsistent MPCAA secondary perspective logging | ASSIGNED | Google Trust Services | [close on 2025-06-10] [ca-compliance] [policy-failure] | 2025-06-06T19:05:18Z |
| 1961406 | SSL.com: DCV bypass and issue fake certificates for any MX hostname | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] [external] | 2025-06-05T00:54:49Z |
| 1962426 | NETLOCK: CA/Browser Forum TLS BR Non-compliance | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2025-06-06T13:29:38Z |
| 1962809 | SSL.com: Expired certificate for a “Valid” Test Website | ASSIGNED | Rebecca Kelley | [ca-compliance] [policy-failure] Next update 2025-06-20 | 2025-06-06T21:54:49Z |
| 1962829 | Microsoft PKI Services: Policy document bug | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-06-06T21:19:28Z |
| 1962830 | Microsoft PKI Services: Subscriber certificate change made that was not compliant with CPS | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-06-06T21:48:29Z |
| 1963456 | GoDaddy: CA Certificates with HTTPS URL in AIA Field | ASSIGNED | Steven Deitte | [ca-compliance] [ca-misissuance] | 2025-06-03T19:06:44Z |
| 1963629 | HARICA: One of the two Certificate Problem Report email aliases not working | ASSIGNED | Dimitris Zacharopoulos | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-05-23T16:05:46Z |
| 1963663 | Certigna: Multiple Reserved Certificate Policy Identifiers in CA certificates | ASSIGNED | Josselin Allemandou | [close on 2025-06-12] [ca-compliance] [ca-misissuance] | 2025-06-05T15:02:37Z |
| 1963778 | FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] | 2025-06-04T11:36:30Z |
| 1964167 | VikingCloud: Missing CRL in CCADB | ASSIGNED | VikingCloud CA | [close on 2025-06-10] [ca-compliance] [disclosure-failure] | 2025-06-03T14:59:29Z |
| 1964866 | SHECA: OCSP service response error | ASSIGNED | SHECA | [ca-compliance] [ocsp-failure] | 2025-06-05T01:43:26Z |
| 1965459 | Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] | 2025-06-06T04:29:03Z |
| 1965559 | eMudhra: Delayed Publication of Issuing CA Certificates In CCADB | ASSIGNED | Naveen Kumar ML | [ca-compliance] [disclosure-failure] | 2025-06-06T21:51:02Z |
| 1965612 | Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-06-06T22:01:57Z |
| 1965804 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #1 – Improve clarity in CPS | ASSIGNED | Gabriel PETCU | [close on 2025-06-11] [ca-compliance] [audit-finding] | 2025-06-04T21:43:24Z |
| 1965805 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #2 – Add test certificates in CPS | ASSIGNED | Gabriel PETCU | [close on 2025-06-11] [ca-compliance] [audit-finding] | 2025-06-04T21:44:44Z |
| 1965806 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #3 – Missing certSIGN OID on Terms and Conditions | ASSIGNED | Gabriel PETCU | [close on 2025-06-11] [ca-compliance] [audit-finding] | 2025-06-04T23:20:05Z |
| 1965808 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #5 – Conflicting info in CPS | ASSIGNED | Gabriel PETCU | [close on 2025-06-11] [ca-compliance] [audit-finding] | 2025-06-04T23:19:37Z |
| 1965828 | SwissSign: OCSP outage | ASSIGNED | Roman Fischer | [ca-compliance] [ocsp-failure] | 2025-06-06T06:34:53Z |
| 1966006 | KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB | ASSIGNED | Waldemar Brzozowski | [ca-compliance] [disclosure-failure] | 2025-06-03T14:52:50Z |
| 1967929 | KIR: Failed to respond a Certificate Problem Report within 24 hours | ASSIGNED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2025-05-29T15:54:34Z |
| 1967951 | FNMT: Delayed Disclosure of Updated Policy Documents in the CCADB | ASSIGNED | Amaya Espinosa | [ca-compliance] [disclosure-failure] | 2025-06-03T07:26:16Z |
| 1968246 | Entrust: Incomplete privileged access removal within 24 hours | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] | 2025-06-04T21:36:04Z |
| 1968836 | Certainly: Sample Websites Unavailable | ASSIGNED | Daniel Jeffery | [ca-compliance] [policy-failure] | 2025-06-02T23:11:24Z |
| 1969036 | Telia: TLS incorrect AIA caIssuer URI and incorrect CDP | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] | 2025-06-06T04:32:18Z |
| 1969296 | GoDaddy: Certificates with invalid embedded SCT signatures | ASSIGNED | Steven Deitte | [ca-compliance] [dv-misissuance] | 2025-06-05T21:03:21Z |
| 1969842 | ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9 | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-03T14:50:47Z |
| 1970259 | GoDaddy: Precertificates incorrectly logged to DigiCert SCT Logs | ASSIGNED | Steven Deitte | [ca-compliance] [uncategorized] | 2025-06-04T16:43:28Z |
| 1970559 | ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-05T15:35:39Z |
| 1970565 | ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:34:42Z |
| 1970567 | ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:33:58Z |
| 1970727 | eMudhra: Failure to respond to a Problem Report within 24 hours | ASSIGNED | Naveen Kumar ML | [ca-compliance] [policy-failure] | 2025-06-06T08:29:41Z |
| 1970728 | eMudhra: Invalid CRL signatures | ASSIGNED | Naveen Kumar ML | [ca-compliance] [crl-failure] [external] | 2025-06-06T12:43:24Z |
57 Total; 57 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: