← GlobalSign nv-sa cases
Bugzilla #1649937 Certificate Problem Report

GlobalSign: Incorrect OCSP Delegated Responder Certificate

RESOLVED FIXED GlobalSign nv-sa
AI Summary

GlobalSign issued OCSP Delegated Responder certificates without including the required 'id-pkix-ocsp-nocheck' response, violating Baseline Requirements. The issue was reported on July 1, 2020, leading to an investigation and a remediation plan that included revoking affected certificates. GlobalSign successfully revoked multiple CA certificates and destroyed the associated keys. An ISAE3000 report was later provided, confirming the non-performance of OCSP signing by the affected CAs. The case is now resolved.

Model: gpt-4o-mini Generated: 2026-06-13 21:23 UTC Confidence: 1.00
Chronology
  1. Security issue disclosed on mozilla.dev.security.policy
  2. First batch of revocations of affected issuing CA
  3. Active key pairs of affected CA destroyed
  4. ISAE3000 report regarding non-performance of OCSP signing submitted
Participants
Ryan Sleevi Arvid Vermote Douglas Beattie
External References
Original Bugzilla Case bugzilla.mozilla.org www.mail-archive.com crt.sh
Similar Local Cases
#1668007 RESOLVED Certificate Problem Report Opened 2020-09-29 · Closed 2023-02-22 · 68% similar
GlobalSign: Invalid stateOrProvinceName value
AI Summary CA Owner
#1654545 RESOLVED Certificate Problem Report Opened 2020-07-22 · Closed 2023-02-22 · 68% similar
GlobalSign: Failure to revoke noncompliant certificates within 5 days
AI Summary CA Owner
#1708834 RESOLVED Certificate Problem Report Opened 2021-04-30 · Closed 2023-02-22 · 67% similar
GlobalSign: Invalid stateOrProvinceName and locality pair
AI Summary CA Owner
#1654896 RESOLVED Certificate Problem Report Opened 2020-07-23 · Closed 2023-02-22 · 67% similar
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8
AI Summary CA Owner
#1390997 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 67% similar
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields
AI Summary CA Owner
#1393557 RESOLVED Certificate Problem Report Opened 2017-08-24 · Closed 2023-02-22 · 67% similar
GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits
AI Summary CA Owner
#1524877 RESOLVED Certificate Problem Report Opened 2019-02-03 · Closed 2023-02-22 · 67% similar
GlobalSign: IP in dnsName
AI Summary CA Owner
#1599788 RESOLVED Certificate Problem Report Opened 2019-11-27 · Closed 2023-02-22 · 67% similar
GlobalSign: Failure to revoke noncompliant ICA within 7 days
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action