Bugzilla #1578809
Policy Compliance
PKIoverheid: Compliance issues CIBG TLS certificates
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The case addresses compliance issues in TLS certificates issued by CIBG under PKIoverheid. Following a QA check, multiple compliance issues were identified, leading to the decision to revoke 3311 affected certificates that contained forbidden fields. The CA had previously ceased issuing publicly trusted certificates in December 2017, and the issues were not detected earlier due to oversight and the specific use of the certificates for machine-to-machine communication in the healthcare sector. The situation has since been resolved with a commitment to improve oversight and compliance.
Chronology
- Logius requests a list of affected certificates from CIBG.
- CIBG provides Logius with a full list of affected certificates.
- Publication of the compliance issue on Bugzilla.
Participants
Jochem van den Berge
Ryan Sleevi
Wayne Thayer
Similar Local Cases
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
PKIoverheid: Missing Intermediate CA from audit statement
Staat der Nederlanden / PKIoverheid: Non-BR-Compliant Certificate Issuance
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6
Google Trust Services: invalid curve-hash combination
PKIoverheid / QuoVadis: CPS inconsistencies
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy