Bugzilla #1680378
Policy Compliance
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
RESOLVED
FIXED
Netlock
AI Summary
During a self-audit on November 20, 2020, NetLock identified a compliance issue: its EV certificates lacked the CAB Forum Organization ID, following changes in EVGL 1.7.4. The CA halted certificate issuance, issued replacement certificates, and revoked nearly all affected certificates by December 31, 2020. The incident highlighted shortcomings in monitoring policy changes, prompting NetLock to set up a new task force and improve its compliance processes to prevent future occurrences.
Chronology
- Problem identified; certificate issuance stopped.
- Mandatory extension set for new certificates.
- Replacement certificates issued.
- Revocation of almost all certificates.
- Revocation of the last certificate.
Participants
Varga Viktor
Anna Bányai
Zsófia Fehér
Győző Drozdy
Ryan Sleevi
Ben Wilson
External References
Similar Local Cases
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
NetLock: Cumulative report connected to EV verification
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
TWCA: Policy OID not set to indicate the assurance level to the issued certs
NETLOCK: CPS 1.5.2. problem and contact information update
Firmaprofesional: 2020 Audit Report Finding 2 out of 4