← Netlock cases
Bugzilla #1586795
Policy Compliance
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
RESOLVED
FIXED
Netlock
AI Summary
NetLock was found to have issued intermediate certificates after January 1, 2019, that did not comply with Mozilla Policy 2.6.1, specifically lacking the required Extended Key Usage (EKU) extension. Following the discovery of this issue, NetLock acknowledged the problem and initiated corrective actions, including the replacement of the non-compliant certificates and the implementation of new processes to prevent future occurrences. The CA has since confirmed that it is no longer issuing certificates with these issues and has completed the revocation of the affected certificates.
Chronology
- NetLock identified non-compliant certificates during an internal audit.
- Ryan Sleevi reported the compliance issue to NetLock.
- NetLock revoked the old EV SSL certificates.
- NetLock revoked the old MKB SubCA certificate.
Participants
Ryan Sleevi
Varga Viktor
Wayne Thayer
Ben Wilson
Eszter Dolgos
External References
Similar Local Cases
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
NetLock: Cumulative report connected to EV verification
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Google Trust Services: invalid curve-hash combination
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
NETLOCK: CPS 1.5.2. problem and contact information update
GoDaddy: Non-BR-Compliant Certificate Issuance