← AC Camerfirma, S.A. cases
Bugzilla #1686524
Certificate Problem Report
Camerfirma: Certificate issued with 3-year lifespan, unknown policy
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
This case addresses a certificate issued by Camerfirma that was found to have a 3-year lifespan and an unknown policy identifier. The certificate, which was later revoked, was flagged for not conforming to the Baseline Requirements due to its inclusion of certain extended key usages. The discussion revealed that the certificate was categorized as an Electronic Seal certificate rather than an SSL certificate, leading to debates about its compliance with Mozilla's policies. Ultimately, Camerfirma acknowledged the oversight and committed to updating their Certification Practices Statement (CPS) to include missing OIDs.
Chronology
- Initial report of certificate issues
- Camerfirma commits to updating CPS
- Camerfirma confirms missing OIDs will be included in CPS
- Final updates on the case
Participants
matthias@thisisntrocket.science
eusebio.herrera@camerfirma.com
paul.leo.steinberg@gmail.com
bwilson@mozilla.com
tim.hollebeek@digicert.com
ana.lopes@camerfirma.com
martin_ja@camerfirma.com
External References
Similar Local Cases
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
Apple: Test website certificates expired
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier
Camerfirma: certificate for unregistered domain cuatis.net
Camerfirma: suspicious certificate for com.com
Camerfirma: Invalid country field for Camerfirma root CA certificates
Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280
Camerfirma: Invalid stateOrProvinceName field