CA/Incident Dashboard
< CA
Jump to navigation
Jump to search
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1885568 | VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] Next update 2025-07-15 | 2025-06-03T17:09:45Z |
| 1904041 | NETLOCK: Intermediate CA Certificate not disclosed to CCADB | ASSIGNED | Nikolett | [close on 2025-07-01] [ca-compliance] [policy-failure] [disclosure-failure] | 2025-06-25T15:31:31Z |
| 1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z |
| 1911335 | PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2025-06-25T15:44:06Z |
| 1924385 | D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714 | ASSIGNED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] Next update 2025-06-30 | 2025-06-02T14:31:56Z |
| 1925106 | DigiCert: Incorrect CP listed in CCADB | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] Next update 2025-07-01 | 2025-06-20T16:39:54Z |
| 1927532 | SSL.com: Issuance of certificates using keys previously reported as compromised | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] Next update 2025-06-25 | 2025-06-25T21:15:26Z |
| 1929189 | SwissSign: S/MIME certificates deviate from CPR | ASSIGNED | Mike Guenther | [close on 2025-07-01] [ca-compliance] [smime-misissuance] | 2025-06-24T22:50:30Z |
| 1947691 | NETLOCK: Bug 1891331 replacement - delayed revocation - | ASSIGNED | Nikolett | [ca-compliance] [leaf-revocation-delay] | 2025-06-25T15:31:43Z |
| 1948600 | IZENPE: Outdated CPS for Izenpe Root | ASSIGNED | David | [close on 2025-07-01] [ca-compliance] [disclosure-failure] | 2025-06-24T23:09:37Z |
| 1950574 | SECOM: S/MIME CA Modified Opinion Report of Cybertrust Japan (CTJ) | ASSIGNED | ONO Fumiaki | [ca-compliance] [audit-finding] Next update 2025-09-01 | 2025-02-28T15:35:46Z |
| 1952635 | Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits | ASSIGNED | Bruce Morton | [ca-compliance] [audit-failure] Next update 2025-07-21 | 2025-06-23T20:51:39Z |
| 1957140 | SSL.com: "unknown" OCSP response for issued certificates | ASSIGNED | SSL.com | [ca-compliance] [ocsp-failure] Next update 2025-06-26 | 2025-06-18T15:22:17Z |
| 1957499 | DigiCert: Persistent failure to answer questions in a timely manner | ASSIGNED | DigiCert | [close on 2025-07-01] [ca-compliance] [disclosure-failure] [external] | 2025-06-24T22:56:57Z |
| 1959733 | CFCA: Failed to respond a Certificate Problem Report within 24 hours which violates Section 4.9.5 of the TLS BRs | ASSIGNED | Michael | [ca-compliance] [policy-failure] Next update 2025-06-30 | 2025-05-25T18:34:57Z |
| 1961406 | SSL.com: DCV bypass and issue fake certificates for any MX hostname | ASSIGNED | Rebecca Kelley | [close on 2025-07-02] [ca-compliance] [dv-misissuance] [external] | 2025-06-25T18:21:32Z |
| 1962426 | NETLOCK: CA/Browser Forum TLS BR Non-compliance | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2025-06-20T13:07:42Z |
| 1962809 | SSL.com: Expired certificate for a “Valid” Test Website | ASSIGNED | Rebecca Kelley | [ca-compliance] [policy-failure] Next update 2025-07-03 | 2025-06-21T19:57:16Z |
| 1962829 | Microsoft PKI Services: Policy document bug | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-06-20T21:41:25Z |
| 1963456 | GoDaddy: CA Certificates with HTTPS URL in AIA Field | ASSIGNED | Steven Deitte | [ca-compliance] [ca-misissuance] Next update 2025-07-01 | 2025-06-24T23:12:09Z |
| 1963629 | HARICA: One of the two Certificate Problem Report email aliases not working | ASSIGNED | Dimitris Zacharopoulos | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-06-19T16:56:53Z |
| 1963778 | FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] | 2025-06-24T18:18:40Z |
| 1964866 | SHECA: OCSP service response error | ASSIGNED | SHECA | [close on 2025-07-01] [ca-compliance] [ocsp-failure] | 2025-06-24T23:02:26Z |
| 1965459 | Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] | 2025-06-19T05:06:28Z |
| 1965559 | eMudhra: Delayed Publication of Issuing CA Certificates In CCADB | ASSIGNED | Naveen Kumar ML | [close on 2025-07-01] [ca-compliance] [disclosure-failure] | 2025-06-24T22:44:56Z |
| 1965612 | Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-06-20T23:38:17Z |
| 1965828 | SwissSign: OCSP outage | ASSIGNED | Roman Fischer | [ca-compliance] [ocsp-failure] Next update 2025-07-18 | 2025-06-20T17:33:24Z |
| 1966006 | KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB | ASSIGNED | Waldemar Brzozowski | [close on 2025-07-01] [ca-compliance] [disclosure-failure] | 2025-06-24T22:47:58Z |
| 1967929 | KIR: Failed to respond a Certificate Problem Report within 24 hours | ASSIGNED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2025-06-24T06:30:16Z |
| 1967951 | FNMT: Delayed Disclosure of Updated Policy Documents in the CCADB | ASSIGNED | Amaya Espinosa | [close on 2025-07-01] [ca-compliance] [disclosure-failure] | 2025-06-24T23:04:05Z |
| 1968246 | Entrust: Incomplete privileged access removal within 24 hours | ASSIGNED | Bruce Morton | [close on 2025-07-01] [ca-compliance] [policy-failure] | 2025-06-24T22:49:14Z |
| 1968836 | Certainly: Sample Websites Unavailable | ASSIGNED | Daniel Jeffery | [ca-compliance] [policy-failure] | 2025-06-23T18:54:23Z |
| 1969036 | Telia: TLS incorrect AIA caIssuer URI and incorrect CDP | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] Next update 2025-06-27 | 2025-06-14T19:34:33Z |
| 1969296 | GoDaddy: Certificates with invalid embedded SCT signatures | ASSIGNED | Steven Deitte | [ca-compliance] [dv-misissuance] | 2025-06-24T20:49:34Z |
| 1969842 | ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9 | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-03T14:50:47Z |
| 1970259 | GoDaddy: Precertificates incorrectly logged to DigiCert SCT Logs | ASSIGNED | Steven Deitte | [ca-compliance] [uncategorized] | 2025-06-19T19:38:09Z |
| 1970559 | ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-05T15:35:39Z |
| 1970565 | ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:34:42Z |
| 1970567 | ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:33:58Z |
| 1970727 | eMudhra: Failure to respond to a Problem Report within 24 hours | ASSIGNED | Naveen Kumar ML | [ca-compliance] [policy-failure] | 2025-06-23T11:04:44Z |
| 1970728 | eMudhra: Invalid CRL signatures | ASSIGNED | Naveen Kumar ML | [ca-compliance] [crl-failure] [external] | 2025-06-23T11:05:13Z |
| 1970968 | Microsoft PKI Services: Incorrect Revocation Reason Code | ASSIGNED | Microsoft PKI Services | [ca-compliance] [crl-failure] | 2025-06-20T21:53:49Z |
| 1972158 | Sectigo: Lack of documentation for vulnerability NVD rating adjustment | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2025-06-25T07:34:20Z |
| 1972547 | Sectigo: Lack of technical controls for multiparty control access to Secure Zone | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2025-06-25T11:26:54Z |
| 1972745 | Let's Encrypt: Deployed Unreviewed Boulder Code | ASSIGNED | Jacob Hoffman-Andrews | [ca-compliance] [policy-failure] | 2025-06-23T23:10:51Z |
| 1972887 | A-Trust: TLS non-compliance detected during linter implementation | ASSIGNED | Ramin Sabet | [ca-compliance] [ov-misissuance] | 2025-06-25T16:06:10Z |
| 1973027 | Certigna: Finding #1 ETSI Audit – French translation missing from S/MIME CP/CPS | ASSIGNED | Josselin Allemandou | [close on 2025-07-02] [ca-compliance] [audit-finding] | 2025-06-25T15:20:43Z |
| 1973032 | Certigna: Finding #2 ETSI Audit - Risks regarding the certification of device not described | ASSIGNED | Josselin Allemandou | [close on 2025-07-02] [ca-compliance] [audit-finding] | 2025-06-25T15:19:57Z |
| 1973034 | Certigna: Finding #3 ETSI Audit – Event log protection beyond seven years shall be improved | ASSIGNED | Josselin Allemandou | [close on 2025-07-02] [ca-compliance] [audit-finding] | 2025-06-25T15:18:56Z |
| 1973236 | ANF AC: Delayed Disclosure of Updated Policy Documents in CCADB | ASSIGNED | Pablo Díaz | [ca-compliance] [disclosure-failure] | 2025-06-20T17:24:24Z |
| 1973238 | Actalis: incorrect CP/S Last Update date in CCADB | ASSIGNED | Adriano Santoni | [ca-compliance] [disclosure-failure] | 2025-06-24T18:11:13Z |
| 1973341 | eMudhra emSign PKI Services :Policy Document Inconsistency | ASSIGNED | Naveen Kumar ML | [ca-compliance] [uncategorized] | 2025-06-25T19:44:08Z |
52 Total; 52 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Revocation Delays
A Revocation Bug is created whenever a CA fails to abide by the Baseline Requirements' requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: