← Sectigo cases
Bugzilla #1545208
Policy Compliance
Sectigo: Missing Changelog in CPS
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo faced an issue regarding the absence of a changelog in their Certificate Practice Statement (CPS), which is a requirement under Mozilla's Root Store Policy. The problem was identified on April 17, 2019, leading to a series of internal discussions and actions. Sectigo acknowledged the oversight and subsequently published updated versions of their CPS that included the required changelog. The compliance review confirmed that their practices are now in line with Mozilla's policies, and the necessary updates were made to their documentation.
Chronology
- Bug created regarding missing changelog
- Internal discussions led to realization of missed requirement
- CPS v5.1.2 published with updated changelog
- Compliance review completed
- CPS revision went live
Participants
Wayne Thayer
Robin Alden
Ryan Sleevi
External References
Similar Local Cases
SwissSign: BRs require full annual audits
DigiCert: Inconsistent EV audits
GoDaddy: Non-BR-Compliant Certificate Issuance
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
PKIoverheid: Compliance issues CIBG TLS certificates
QuoVadis: Recap of BR Compliance in 2018 issuance by external subCAs
Amazon Trust Services: CP/CPS does not specify key compromise methods