← certSIGN cases
Bugzilla #1398243 Certificate Problem Report

certSIGN: Non-BR-Compliant OCSP Responders

RESOLVED FIXED certSIGN
AI Summary

The certSIGN CA faced issues with its OCSP responders not complying with the Baseline Requirements (BRs), specifically responding with a 'good' status for unissued certificates. The problem was identified through discussions in the Mozilla security policy forum. certSIGN acknowledged the issues and took corrective actions, including fixing a misconfiguration and updating their OCSP monitoring service. They committed to improving their processes to prevent future non-compliance, including consulting with auditors and enhancing their testing procedures.

Model: gpt-4o-mini Generated: 2026-06-13 17:08 UTC Confidence: 0.95
Chronology
  1. certSIGN became aware of the OCSP issues via a discussion in the Mozilla security policy forum.
  2. The misconfiguration for the OCSP for certSIGN Enterprise CA was fixed.
  3. certSIGN updated their OCSP responder to comply with the BRs for the ROOT CA.
  4. The issue was resolved, and all questions were answered.
Participants
Cristian Garabet Kathleen Wilson Ryan Sleevi
External References
Original Bugzilla Case groups.google.com wiki.mozilla.org
Related Bugzilla IDs Mentioned
#1029147
Similar Local Cases
#1390988 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 61% similar
Consorci AOC: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1398251 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 60% similar
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1391087 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 59% similar
Visa: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1398242 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 59% similar
Disig: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1390990 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 59% similar
D-TRUST: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1398247 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 58% similar
DocuSign/Keynectis: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1390977 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 58% similar
Camerfirma: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1390997 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 57% similar
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action