← Google Trust Services LLC cases
Bugzilla #1630079
Certificate Problem Report
Google Trust Services: Invalid OCSP responses
RESOLVED
FIXED
Google Trust Services LLC
AI Summary
This case addresses an incident involving Google Trust Services (GTS) where invalid OCSP responses were generated due to a change in the batching process of OCSP response generation. The issue was first reported by users experiencing problems with OCSP checking in Firefox, particularly those using a 'hard-fail' configuration. The problem was acknowledged by GTS, and remediation procedures were initiated once the issue was identified. The incident was resolved approximately 2 days after it began, with no prior customer reports received during the outage.
Chronology
- Code push to improve OCSP generation initiated.
- User reports OCSP issues on mozilla.dev.security.policy.
- GTS acknowledges the issue.
- Remediation procedures triggered.
- Issue resolved.
Participants
Ryan Sleevi
Andy Warner
External References
Similar Local Cases
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses
Google Trust Services: OCSP serving issue 2020-04-09
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4
Google Trust Services: Improper OCSP response for intermediate certificate
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3
Google Trust Services: Failure to revoke subscriber certificates within BR timeframe
Google Trust Services: Incorrect OCSP response for issued certificate