← Google Trust Services LLC cases
Bugzilla #1522975
Certificate Problem Report
Google Trust Services: Improper OCSP response for intermediate certificate
RESOLVED
FIXED
Google Trust Services LLC
AI Summary
Google Trust Services LLC reported an incident regarding an improper OCSP response generated for its intermediate CA, GTSY1. The issue arose during a signing ceremony in October 2018, where a serial number mismatch was discovered on January 11, 2019. Although the incorrect OCSP response did not impact any subscribers or relying parties, the incident highlighted the need for improved monitoring and linting processes. Remediation actions included publishing a corrected OCSP response and enhancing the configuration checks to prevent similar errors in the future.
Chronology
- Config file created and submitted to version control.
- OCSP responses created and signed.
- Serial mismatch discovered.
- New OCSP response published.
Participants
Ryan Sleevi
Kluge
Wayne Thayer
External References
Similar Local Cases
Google Trust Services: Invalid OCSP responses
Google Trust Services: OCSP serving issue 2020-04-09
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3
Google Trust Services: Failure to revoke subscriber certificates within BR timeframe
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses