Bugzilla #1649944
Certificate Problem Report
Camerfirma: Incorrect OCSP Delegated Responder Certificate
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
Camerfirma issued OCSP Delegated Responder certificates without the required 'id-pkix-ocsp-nocheck' extension, violating the Baseline Requirements. Ryan Sleevi reported the issue, prompting an investigation by Camerfirma. Camerfirma confirmed the problem and initiated a remediation plan, including revocation of the affected certificates. The situation was critical due to the certificates' role in medical prescriptions in Spain. Although Camerfirma planned to revoke the problematic CA within nine months, concerns were raised about the security impact of the delay.
Chronology
- Bug reported by Ryan Sleevi.
- Camerfirma acknowledged receipt and began investigation.
- Camerfirma provided a detailed incident report.
- Camerfirma outlined their remediation plan and controls.
- Camerfirma confirmed steps to stay informed on CA issues.
Participants
Ryan Sleevi
Eusebio Herrera
Brett Wilson
Ana Lopes
Similar Local Cases
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma: certificate for unregistered domain cuatis.net
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Camerfirma: suspicious certificate for com.com
Camerfirma: Invalid stateOrProvinceName field
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier
Camerfirma: Old CAs with an RSA modulus size of 2047 bits
Camerfirma: MULTICERT certificates with a validity period greater than 825 days