← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1649964 Certificate Problem Report

PKIoverheid: Incorrect OCSP Delegated Responder Certificate

RESOLVED FIXED Government of The Netherlands, PKIoverheid (Logius)
AI Summary

The PKIoverheid CA issued OCSP Delegated Responder certificates without the required 'id-pkix-ocsp-nocheck' response, violating Baseline Requirements. This issue was reported and acknowledged by Logius, which recognized the associated security risks. A remediation plan was developed to revoke affected certificates and replace them with new ones, while minimizing disruption to critical services. The revocation process was complex due to the reliance on these certificates in various sectors, leading to a phased approach for replacement and revocation.

Model: gpt-4o-mini Generated: 2026-06-13 21:10 UTC Confidence: 0.90
Chronology
  1. Issue reported to Mozilla
  2. Logius acknowledges the issue
  3. Remediation plan outlined
  4. Request for removal of trust filed
  5. Closure of the case planned
Participants
Ryan Sleevi Jorik van 't Hof David Weissenberg
External References
Original Bugzilla Case www.mail-archive.com tools.ietf.org cabforum.org
Similar Local Cases
#1573490 RESOLVED Certificate Problem Report Opened 2019-08-13 · Closed 2023-02-22 · 67% similar
PKIoverheid: CIBG insufficient serial number entropy
AI Summary CA Owner
#1610507 RESOLVED Certificate Problem Report Opened 2020-01-21 · Closed 2023-02-22 · 64% similar
PKIoverheid: TSP CPS lacks problem reporting instructions
AI Summary CA Owner
#1911335 RESOLVED Certificate Problem Report Opened 2024-08-02 · Closed 2025-08-11 · 57% similar
PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA
AI Summary CA Owner
#1724276 RESOLVED Certificate Problem Report Opened 2021-08-05 · Closed 2023-02-22 · 57% similar
QuoVadis / PKIoverheid: incorrect OCSP response for precertificate
AI Summary CA Owner
#1652922 RESOLVED Certificate Problem Report Opened 2020-07-15 · Closed 2023-02-22 · 57% similar
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
AI Summary CA Owner
#1398251 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 57% similar
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1535871 RESOLVED Certificate Problem Report Opened 2019-03-16 · Closed 2023-02-22 · 57% similar
PKIoverheid: KPN Insufficient Serial Number Entropy
AI Summary CA Owner
#1649944 RESOLVED Certificate Problem Report Opened 2020-07-02 · Closed 2023-02-22 · 56% similar
Camerfirma: Incorrect OCSP Delegated Responder Certificate
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action