Camerfirma: MULTICERT Misissuance and missing audits

The case involves MULTICERT's misissuance of 174 certificates due to invalid QCStatements, which violated the syntax of the qcStatements extension. Additionally, it was discovered that the MULTICERT SSL Certification Authority 001 was not included in the scope of the required audits, leading to compliance issues. The audit for MULTICERT did not cover all necessary periods, resulting in a gap that was only addressed through a memo from the auditor. Despite efforts to remediate the situation, including stopping certificate issuance and reissuing affected certificates, concerns about compliance remain unresolved.

1. 2018-10-29 Misissuance reported by Ryan Sleevi.
2. 2018-11-05 MULTICERT provides audit attestation letter.
3. 2018-11-13 Incident report detailing actions taken by MULTICERT.
4. 2018-11-21 Discussion on audit gaps and compliance.
5. 2019-06-19 New audit reports submitted.
6. 2020-01-31 Concerns raised about audit compliance.
7. 2020-05-27 Summary of unresolved compliance issues.