← SSL.com cases
Bugzilla #1579509
Certificate Problem Report
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
RESOLVED
INVALID
SSL.com
AI Summary
SSL.com reported an issue where precertificates lacked corresponding issued certificates and returned an OCSP status of 'Unknown'. This was identified as a problem with the EJBCA system. SSL.com promptly opened a bug with PrimeKey and began remediation efforts. They communicated their findings and actions to the community, ensuring transparency throughout the investigation. The incident was ultimately resolved as invalid after discussions in the Mozilla community.
Chronology
- Issue reported upon discovery of OCSP problems.
- Feedback received from PrimeKey regarding the issue.
- In-house remediation applied to resolve remaining issues.
- Incident resolved as INVALID.
Participants
secauditor@ssl.com
ryan.sleevi@gmail.com
wthayer@fastly.com
External References
Similar Local Cases
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
SSL.com: Intermediate certificate not listed in audit reports
GlobalSign: OCSP Responder Returns invalid values for Some Precertificates
SSL.com: "unknown" OCSP response for issued certificates
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list.
Atos: Insufficient Serial Number Entropy