← Microsoft Corporation cases
Bugzilla #1586847 Certificate Problem Report

Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy

RESOLVED FIXED Microsoft Corporation
AI Summary

Microsoft PKI Services issued intermediate certificates after January 1, 2019, that did not comply with Mozilla's policy, specifically lacking the required Extended Key Usage (EKU) extensions. This issue was identified during a compliance check, leading to the creation of an incident report. Microsoft acknowledged the error, revoked the problematic certificates, and updated their processes to ensure compliance moving forward. The incident was resolved with no valid problematic certificates remaining.

Model: gpt-4o-mini Generated: 2026-06-13 20:01 UTC Confidence: 0.95
Chronology
  1. Microsoft issued non-compliant intermediate certificates.
  2. Incident bug 1586847 created.
  3. Microsoft revoked the initial versions of the problematic CAs.
  4. Incident report submitted by Microsoft.
  5. All questions answered and remediation confirmed complete.
Participants
Ryan Sleevi Jason Cooper Wayne Thayer
External References
Original Bugzilla Case crt.sh www.microsoft.com crt.sh
Similar Local Cases
#1598390 RESOLVED Certificate Problem Report Opened 2019-11-21 · Closed 2024-05-09 · 75% similar
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
AI Summary CA Owner
#1604124 RESOLVED Certificate Problem Report Opened 2019-12-16 · Closed 2023-02-22 · 73% similar
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work
AI Summary CA Owner
#1718991 RESOLVED Certificate Problem Report Opened 2021-07-02 · Closed 2024-05-09 · 62% similar
Microsoft PKI Services: Malformed ICAs (Key Usage Malformed)
AI Summary CA Owner
#1705419 RESOLVED Certificate Problem Report Opened 2021-04-15 · Closed 2023-02-22 · 59% similar
Microsoft PKI Services: Underscore in SAN
AI Summary CA Owner
#1586860 RESOLVED Certificate Problem Report Opened 2019-10-07 · Closed 2023-02-22 · 59% similar
Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280
AI Summary CA Owner
#1626078 RESOLVED Certificate Problem Report Opened 2020-03-30 · Closed 2023-02-22 · 58% similar
Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs
AI Summary CA Owner
#1390988 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 58% similar
Consorci AOC: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1525710 RESOLVED Certificate Problem Report Opened 2019-02-06 · Closed 2023-02-22 · 58% similar
Amazon Trust Services: Test revoked certificates with invalid validity period
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action