Bugzilla #1676440
Policy Compliance
NetLock: Cumulative report connected to EV verification
RESOLVED
FIXED
Netlock
AI Summary
NetLock reported a cumulative incident related to Extended Validation (EV) certificate issuance. The issues involved two main cases: one concerning the validity period exceeding the maximum allowed days, and another regarding RSA key modulus size not being divisible by 8. Both problems were identified through internal audits and external reports, leading to immediate corrective actions. NetLock has since ceased issuing certificates with these issues and implemented new testing protocols to prevent recurrence.
Chronology
- DV system configuration set to 365 days instead of 398 days.
- Disabled issuance of SSL certificates exceeding 398 days.
- Blocked issuance of keys other than 2048 and 4096 bits.
- Published blocking code in production environment.
Participants
Varga Viktor
Ben Wilson
Ryan Sleevi
Similar Local Cases
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
NETLOCK: CPS 1.5.2. problem and contact information update
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key
PKIoverheid / QuoVadis: CPS inconsistencies
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains