← AC Camerfirma, S.A. cases
Bugzilla #1586860 Certificate Problem Report

Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280

RESOLVED FIXED AC Camerfirma, S.A.
AI Summary

Camerfirma was found to have issued certificates that violated the requirements of RFC 5280 and Mozilla Policy regarding the Authority Key Identifier. Specifically, approximately 3233 certificates included both a key identifier and an issuer name with serial number, which is prohibited. The CA acknowledged the misinterpretation of the policy and developed an action plan to rectify the issue, committing to issue certificates with only the key identifier moving forward. The problem was resolved, and all new certificates issued since late 2019 comply with the updated requirements.

Model: gpt-4o-mini Generated: 2026-06-13 20:02 UTC Confidence: 0.95
Chronology
  1. Bug reported by Ryan Sleevi regarding invalid authorityKeyIdentifier.
  2. Camerfirma acknowledges misinterpretation and commits to corrective actions.
  3. Modification to issue compliant certificates deployed.
  4. All new S/MIME certificates issued with compliant Authority Key Identifier.
  5. New Mozilla Policy requiring revocation of non-compliant certificates takes effect.
  6. Incident report filed for recurrence of the problem.
Participants
Ryan Sleevi Juan Angel Martin Wayne Thayer Ramiro
External References
Original Bugzilla Case wiki.mozilla.org tools.ietf.org
Similar Local Cases
#1532333 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 72% similar
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
AI Summary CA Owner
#1667430 RESOLVED Certificate Problem Report Opened 2020-09-25 · Closed 2023-02-22 · 67% similar
Camerfirma: Invalid stateOrProvinceName field
AI Summary CA Owner
#1623384 RESOLVED Certificate Problem Report Opened 2020-03-18 · Closed 2023-02-22 · 65% similar
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident
AI Summary CA Owner
#1426233 RESOLVED Certificate Problem Report Opened 2017-12-19 · Closed 2023-02-22 · 65% similar
Camerfirma: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1509002 RESOLVED Certificate Problem Report Opened 2018-11-21 · Closed 2023-02-22 · 64% similar
Camerfirma: MULTICERT certificates with a validity period greater than 825 days
AI Summary CA Owner
#1624658 RESOLVED Certificate Problem Report Opened 2020-03-24 · Closed 2023-02-22 · 63% similar
Camerfirma: BR revocation period exceeded
AI Summary CA Owner
#1532333 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 63% similar
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
AI Summary CA Owner
#1586847 RESOLVED Certificate Problem Report Opened 2019-10-07 · Closed 2024-05-09 · 59% similar
Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action