← Sectigo cases
Bugzilla #1639518 Certificate Problem Report

Sectigo: "unauthorized" OCSP responses

RESOLVED INVALID Sectigo
AI Summary

A user reported receiving "unauthorized" OCSP responses for two expired certificates from Sectigo. The user expected a successful response but received an HTTP 200 status with an OCSP status of 6. Sectigo clarified that they do not generate OCSP responses for expired certificates, which aligns with RFC5019's definition of "unauthorized". The issue was acknowledged as a misunderstanding by the user, who typically does not handle expired certificates.

Model: gpt-4o-mini Generated: 2026-06-13 20:58 UTC Confidence: 0.90
Chronology
  1. User reports unauthorized OCSP responses.
  2. Sectigo confirms OCSP responses are not generated for expired certificates.
  3. User acknowledges misunderstanding regarding expired certificates.
Participants
mpalmer@hezmatt.org Robin.Alden@Sectigo.com ryan.sleevi@gmail.com rob@sectigo.com
External References
Original Bugzilla Case tools.ietf.org github.com
Similar Local Cases
#1639804 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 73% similar
Sectigo: Failure to revoke key-compromised certificate within 24 hours
AI Summary CA Owner
#1717046 RESOLVED Certificate Problem Report Opened 2021-06-17 · Closed 2022-11-14 · 56% similar
Sectigo: potentially invalid organizational validation certificates
AI Summary CA Owner
#1639794 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 54% similar
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours
AI Summary CA Owner
#1636141 RESOLVED Certificate Problem Report Opened 2020-05-07 · Closed 2023-02-22 · 53% similar
SwissSign: failure to provide a preliminary report within 24 hours
AI Summary CA Owner
#2031087 RESOLVED Certificate Problem Report Opened 2026-04-11 · Closed 2026-06-06 · 50% similar
Sectigo: Partial OCSP response publication delay for newly issued certificates
AI Summary CA Owner
#1741777 RESOLVED Certificate Problem Report Opened 2021-11-18 · Closed 2023-02-22 · 49% similar
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
AI Summary CA Owner
#1891039 RESOLVED Certificate Problem Report Opened 2024-04-11 · Closed 2024-05-05 · 49% similar
Sectigo: Premature disabling of CRL generation for an inactive CA
AI Summary CA Owner
#1985307 RESOLVED Certificate Problem Report Opened 2025-08-26 · Closed 2025-10-09 · 49% similar
Sectigo: OCSP and CRL traffic not being proxied for 3 Subordinate CAs
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action