← Google Trust Services LLC cases
Bugzilla #1678183
Certificate Problem Report
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses
RESOLVED
FIXED
Google Trust Services LLC
AI Summary
Google Trust Services LLC identified an issue with invalid ASN.1 encoding of singleExtensions in OCSP responses after receiving a notification from PrimeKey about a new EJBCA version. The problem was confirmed on November 6, 2020, and a new version was rolled out in both test and production environments by November 12, 2020. No problematic certificates were issued, and the issue was resolved with the software update. However, concerns were raised about the timeliness of the response and the adequacy of quality checks in place.
Chronology
- Received notification from PrimeKey regarding EJBCA version fixes.
- Confirmed the issue and identified update windows.
- Rolled out new EJBCA version in test environment.
- Rolled out new EJBCA version in production environment.
Participants
Andy Warner
Mathew Hodson
Ryan Sleevi
Ben Wilson
External References
Similar Local Cases
Google Trust Services: Invalid OCSP responses
Google Trust Services: OCSP serving issue 2020-04-09
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10
e-commerce monitoring GmbH: CN domain not in SAN
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3
Google Trust Services: Revocation data publication delay for revoked unused subordinate CAs
Google Trust Services: Failure to respond to CPR within 24 hours