← Government of Taiwan, Government Root Certification Authority (GRCA) cases
Bugzilla #1397832 Certificate Problem Report

GRCA: Signing SHA-1 OCSP responses with unconstrained certificate

RESOLVED FIXED Government of Taiwan, Government Root Certification Authority (GRCA)
AI Summary

The Government Root Certification Authority (GRCA) was found to be signing OCSP responses with SHA-1, which violates Mozilla's Root Store Policy. The issue was reported on September 7, 2017, and GRCA acknowledged the problem, stating that a subordinate CA misunderstood the policy. GRCA took corrective actions, including stopping the use of SHA-1 for OCSP responses by September 30, 2017. The case was resolved on February 22, 2023, after confirming compliance with the policy.

Model: gpt-4o-mini Generated: 2026-06-13 17:08 UTC Confidence: 0.95
Chronology
  1. Bug reported regarding SHA-1 OCSP responses.
  2. GRCA identified the incident.
  3. GRCA confirmed the issue was fixed.
  4. Bug resolved after compliance confirmation.
Participants
Andrew Ayer Kathleen Wilson Gervase Markham Hung-Yu Hsu Rob Betwu
External References
Original Bugzilla Case bugzilla.mozilla.org ccadb-public.secure.force.com
Similar Local Cases
#1353833 RESOLVED Certificate Problem Report Opened 2017-04-05 · Closed 2023-02-22 · 57% similar
GlobalSign: Incapsula issued a certificate for non-existing domain (testslsslfeb20.me)
AI Summary CA Owner
#1398259 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 56% similar
SECOM: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1391087 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 55% similar
Visa: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1350615 RESOLVED Certificate Problem Report Opened 2017-03-25 · Closed 2022-11-14 · 55% similar
Camerfirma: Startcom are issuing by proxy using Camerfirma
AI Summary CA Owner
#1330482 RESOLVED Certificate Problem Report Opened 2017-01-12 · Closed 2023-02-22 · 55% similar
GoDaddy: New GoDaddy incorrect issuance bug appears to be regression of 2010 issue
AI Summary CA Owner
#682956 RESOLVED Certificate Problem Report Opened 2011-08-29 · Closed 2022-11-14 · 55% similar
Investigate *.google.com certificate issued by DigiNotar and used by Iran government?
AI Summary CA Owner
#1390977 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 55% similar
Camerfirma: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1060863 RESOLVED Certificate Problem Report Opened 2014-08-30 · Closed 2022-11-14 · 54% similar
LuxTrust: issuing 1024 bit certificates
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action