← HARICA cases
Bugzilla #1649945 Certificate Problem Report

HARICA: Incorrect OCSP Delegated Responder Certificate

RESOLVED FIXED HARICA
AI Summary

HARICA issued OCSP Delegated Responder certificates without the required `id-pkix-ocsp-nocheck` response, violating Baseline Requirements. The CA initiated an investigation upon discovering the issue, confirming that the affected certificates were never enabled to sign OCSP responses. HARICA developed a mitigation plan, which included revoking the affected certificates and destroying the associated keys. The incident was resolved with the completion of the key destruction ceremony, witnessed by an external auditor.

Model: gpt-4o-mini Generated: 2026-06-13 21:11 UTC Confidence: 0.95
Chronology
  1. Initial report of the incident
  2. All remaining affected CAs were revoked and keys destroyed
Participants
Dimitris Zacharopoulos Ryan Sleevi
External References
Original Bugzilla Case www.mail-archive.com crt.sh wiki.mozilla.org
Similar Local Cases
#1580393 RESOLVED Certificate Problem Report Opened 2019-09-11 · Closed 2022-11-14 · 65% similar
HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates
AI Summary CA Owner
#1649937 RESOLVED Certificate Problem Report Opened 2020-07-02 · Closed 2023-02-22 · 59% similar
GlobalSign: Incorrect OCSP Delegated Responder Certificate
AI Summary CA Owner
#1535509 RESOLVED Certificate Problem Report Opened 2019-03-15 · Closed 2023-02-22 · 59% similar
HARICA: Insufficient serial number entropy
AI Summary CA Owner
#1878106 RESOLVED Certificate Problem Report Opened 2024-02-01 · Closed 2024-03-08 · 58% similar
HARICA: Anomaly in OCSP services after CA software upgrade
AI Summary CA Owner
#1649963 RESOLVED Certificate Problem Report Opened 2020-07-02 · Closed 2023-02-22 · 57% similar
Atos: Incorrect OCSP Delegated Responder Certificate
AI Summary CA Owner
#1699796 RESOLVED Certificate Problem Report Opened 2021-03-19 · Closed 2023-02-22 · 57% similar
HARICA: Certificates with invalid policy tree
AI Summary CA Owner
#1535772 RESOLVED Certificate Problem Report Opened 2019-03-15 · Closed 2023-02-22 · 57% similar
HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates
AI Summary CA Owner
#1942130 RESOLVED Certificate Problem Report Opened 2025-01-16 · Closed 2025-05-01 · 56% similar
HARICA: S/MIME certificate issuance without proper validation
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action