Bugzilla #1649938
Certificate Problem Report
QuoVadis: Incorrect OCSP Delegated Responder Certificate
RESOLVED
FIXED
DarkMatter LLC
AI Summary
The QuoVadis CA was reported for issuing OCSP Delegated Responder certificates without the required 'id-pkix-ocsp-nocheck' extension, violating the Baseline Requirements. The issue was first raised in a Mozilla discussion, prompting QuoVadis to investigate and implement a remediation plan. This included revoking affected sub CAs and replacing them with compliant certificates. The CA has since completed the revocation and key destruction processes for the impacted certificates, with a comprehensive audit report pending.
Chronology
- Initial report of the issue to Mozilla's security policy mailing list.
- Revocation of several affected sub CAs.
- Completion of revocation and key destruction for QuoVadis-hosted CAs.
- Revocation of remaining Siemens CAs.
- Scheduled closure of the bug.
Participants
Ryan Sleevi
Stephen Davidson
Similar Local Cases
QuoVadis: failure to reply to CPR in a timely manner
QuoVadis: Incorrect keyUsage for ECC certificate
QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17)
QuoVadis: N/A in EV serialNumber field
QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs
QuoVadis: Incorrect EV jurisdiction of incorporation information
QuoVadis: Failure to revoke certificates with compromised private keys
QuoVadis: EV serialNumber with "none"