← Izenpe S.A. cases
Bugzilla #1398258
Certificate Misissuance
Izenpe: Non-BR-Compliant OCSP Responders
RESOLVED
FIXED
Izenpe S.A.
AI Summary
Izenpe S.A. faced issues with their OCSP responders, which were found to be non-compliant with the Baseline Requirements (BRs). Specifically, the responders incorrectly returned a 'good' status for unissued certificates. The problem was identified on August 29, 2017, and was resolved by September 5, 2017. An incident report was requested to document the issue and the steps taken to rectify it. The CA has since implemented testing procedures to prevent similar issues in the future.
Chronology
- Problem identified in mozilla.dev.security.policy forum.
- Problem fixed in production environment.
Participants
Kathleen Wilson
Oscar Garcia
Gerv
External References
Similar Local Cases
Izenpe: Multiple invalid EV certificates issued
DigiCert: Verizon mis-issued test certificates
Izenpe: OU > 64 characters
NetLock: Non-BR-Compliant Certificate Issuance
DigiCert / Terena: Metadata in OU fields
DigiCert / Justica: Invalid DNS names
DigiCert / Inteso San Paulo: Double dot characters
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist