← AC Camerfirma, S.A. cases
Bugzilla #1575530
Policy Compliance
Camerfirma: Govern d'Andorra audits
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
Camerfirma, S.A. faced compliance issues following an audit of their intermediate certificate for the Government of Andorra, which revealed deficiencies. The audit, conducted in July 2019, led to the cessation of certificate issuance through the affected authority. The CA developed a remediation plan, including revocation of the problematic certificate and the establishment of a new intermediate CA. Despite initial delays in revocation due to the impact on government services, the certificate was ultimately revoked in December 2019. The CA has since implemented measures to prevent future compliance issues.
Chronology
- Received negative audit report highlighting deficiencies.
- Stopped issuing certificates through the Government of Andorra.
- Planned revocation of the intermediate certificate.
- Revoked the intermediate certificate.
Participants
Juan Angel Martin
Ryan Sleevi
Wayne Thayer
Eusebio Herrera
Ana Lopes
Kathleen Wilson
External References
Similar Local Cases
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
Camerfirma: Outdated audit statements for intermediate certs
Camerfirma: Decision not to revoke certificates with authorityKeyIdentifier that violates Mozilla Policy
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant
GoDaddy: Non-BR-Compliant Certificate Issuance
Camerfirma: SMIME Improvement Plan
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
Camerfirma: No disclosure of verification sources