PKIoverheid: Missing intermediate CA certificates in WTBR audit statements Staat der Nederlanden 2017/2018

The Government of The Netherlands, PKIoverheid, identified missing intermediate CA certificates in their WTBR audit statements for the years 2017 and 2018. This issue was discovered during a review of audit records in mid-November 2019, triggered by an ALV warning. The missing certificates were not properly listed in management assertions due to a logical error in their auditing process. The CA has since issued new management assertions and is working with KPMG to rectify the oversight. The case has been resolved with the necessary updates submitted to CCADB.

1. 2017-03-01 First management assertion issued listing SHA256 fingerprints.
2. 2019-11-25 Logius noticed missing Domain CA fingerprints during CCADB review.
3. 2019-12-13 New management assertions issued based on earlier statements.
4. 2019-12-19 Bug created to clarify facts and remediation actions.
5. 2020-01-07 New CCADB audit case submitted with updated reports.
6. 2020-02-05 Audit cases processed and bug closed.