Bugzilla #1586787
Policy Compliance
Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
RESOLVED
FIXED
Actalis
AI Summary
Actalis issued two intermediate certificates after January 1, 2019, that did not comply with Mozilla Policy 2.6.1, specifically lacking the required Extended Key Usage (EKU) extension. The issue was identified during an internal review in March 2019, leading to the revocation of the non-compliant certificates shortly after their issuance. Actalis has since posted a detailed incident report and taken steps to prevent similar occurrences in the future, including revising their internal procedures. The case has been resolved with all necessary actions completed.
Chronology
- Intermediate CA certificate DV G1 was generated.
- Intermediate CA certificate EV G2 was generated.
- Internal review found missing EKU in EV G2.
- EV G2 was re-issued correctly and the defective certificate was revoked.
- DV G1 was revoked.
- Steps taken to avoid recurrence of the issue.
Participants
Ryan Sleevi
Giorgio Girelli
Similar Local Cases
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Actalis: Non-BR-Compliant Certificate Issuance
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
SECOM: Non-BR-Compliant Certificate Issuance
Camerfirma: Outdated audit statements for intermediate certs
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
Entrust: Non-BR-Compliant Certificate Issuance