Camerfirma: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma faced issues with the timely revocation of a non-compliant intermediate CA, which raised concerns about the potential for misissuance and the adequacy of their controls. The situation was exacerbated by a proposed six-month delay in replacing the non-compliant CA. Throughout the discussions, Camerfirma acknowledged the risks and outlined a comprehensive plan to transition to a compliant CA, which included revoking the non-compliant CA and destroying its private key. The case was resolved with the successful revocation of the CA and destruction of its private key, although concerns about the lack of external auditor verification were noted.
- Bug opened to track incident response for delayed revocation.
- Revocation of the non-compliant intermediate CA and destruction of its private key completed.