Bugzilla #1693930
Policy Compliance
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft PKI Services identified a failure to update their Certification Practices Statement (CPS) regarding Subscriber Certificate Maximum Validity Periods, which was not aligned with the Baseline Requirements effective September 1, 2020. The issue was discovered during the preparation of a new CPS on February 4, 2021. Microsoft confirmed that their certificate issuance processes remained compliant throughout this period, and no problematic certificates were issued. They have since updated their CPS and improved their policy document review procedures to prevent similar issues in the future.
Chronology
- Issue discovered during CPS review.
- Confirmed compliance with updated max validity period.
- Verified no certificates issued with longer validity than allowed.
- Finalized new CPS version for review.
- Posted updated CPS v3.1.8.
- Updated policy document review procedures.
Participants
John Mason
Ben Wilson
Ryan Sleevi
Similar Local Cases
Microsoft PKI Services: Policy Documentation, Failure to update Domain Validation Method
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
TWCA: Policy OID not set to indicate the assurance level to the issued certs
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant
Microsoft PKI Services: Failure to disclose Revocation of Intermediate CAs within 7 Days