← Netlock cases
Bugzilla #1656882
Certificate Problem Report
NetLock: Failure to revoke noncompliant ICA within 7 days
RESOLVED
FIXED
Netlock
AI Summary
NetLock faced a failure to revoke noncompliant Intermediate Certificate Authorities (ICAs) within the mandated 7-day period as required by the updated Mozilla policy. The issue was first reported by Ryan Sleevi on July 2, 2020, highlighting a breach of the Baseline Requirements (BR). Although the problematic ICAs were eventually revoked, the initial delay in revocation was attributed to a lack of awareness regarding the policy changes that took effect on January 1, 2020. NetLock has since implemented changes to their compliance processes to prevent similar issues in the future.
Chronology
- Original report received about intermediate certificates with missing EKUs
- Interim SSL certificate revocation
- CA of digital signatures revoked
- Issue reported by Ryan Sleevi regarding missed revocation
- Timeline and problems attachment created
- Bug closure notice issued
Participants
Varga Viktor
Ryan Sleevi
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName
NetLock: Intermediate CA Certificate Missing from Audit Reports
NETLOCK: Pre-certificates revoked with certificateHold reason
NETLOCK: SSL certificates with OU field - revocation delay
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
Amazon Trust Services: Revocation Time for Intermediate Certificates
Entrust: Compromised Private Key was not Revoked in Less than 24 Hours
TrustCor: Non-revocation of CA certificates within 7 days