Bugzilla #1586125
Policy Compliance
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The case addresses the lack of Baseline Requirements (BR) audits for several subordinate CAs under PKIoverheid that are capable of issuing TLS certificates, which violates Mozilla's Root Store Policy. The CA acknowledged the issue and outlined a remediation plan, including revocation of certain certificates and migration to a new root CA. The situation was complicated by the need to avoid service disruptions for users reliant on these certificates. Ultimately, the root CA expired in March 2020, resolving the compliance issue.
Chronology
- Bug reported by Kathleen Wilson regarding lack of BR audits.
- PKIoverheid acknowledges the issue and begins investigation.
- Revocation of personal QSCD cards with S/MIME certificates completed.
- Root CA expired, resolving the compliance issue.
Participants
Kathleen Wilson
Jorik van 't Hof
Ryan Sleevi
Wayne Thayer
David Weissenberg
Similar Local Cases
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
PKIoverheid: Missing Intermediate CA from audit statement
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant Certificate Issuance
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6
PKIoverheid: Compliance issues CIBG TLS certificates
SwissSign: BRs require full annual audits
GoDaddy: Non-BR-Compliant Certificate Issuance
Camerfirma: Govern d'Andorra audits