← Google Trust Services LLC cases
Bugzilla #1709223 Policy Compliance

Google Trust Services: Signing SHA-1 Hash for existing CA certificate with changes in Key Usage

RESOLVED FIXED Google Trust Services LLC
AI Summary

Google Trust Services (GTS) reissued a Root CA certificate using SHA-1 for its signature, which raised compliance concerns regarding the Mozilla Root Store Policy (MRSP). The CA believed that their actions were compliant based on discussions with auditors and interpretations of the policy. However, this incident highlighted a misunderstanding of the MRSP, particularly regarding the prohibition of SHA-1 usage for root certificates. GTS has committed to improving its compliance processes and engaging with the community for future policy interpretations.

Model: gpt-4o-mini Generated: 2026-06-13 21:26 UTC Confidence: 0.80
Chronology
  1. CA/B Forum Baseline requirements ban the use of SHA-1 for end-entity and SubCA certificates.
  2. GTS reissues the Root CA certificate using its original SHA-1 signature algorithm.
Participants
Ryan Hurst Matthias Fotis Ben Wilson
External References
Original Bugzilla Case bugzilla.mozilla.org crt.sh
Similar Local Cases
#1650234 RESOLVED Policy Compliance Opened 2020-07-02 · Closed 2023-02-22 · 54% similar
PKIoverheid / QuoVadis: CPS inconsistencies
AI Summary CA Owner
#1612389 RESOLVED Policy Compliance Opened 2020-01-30 · Closed 2023-02-22 · 51% similar
Google Trust Services: invalid curve-hash combination
AI Summary CA Owner
#2031164 RESOLVED Policy Compliance Opened 2026-04-12 · Closed 2026-05-29 · 50% similar
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots
AI Summary CA Owner
#1680378 RESOLVED Policy Compliance Opened 2020-12-02 · Closed 2023-02-22 · 49% similar
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
AI Summary CA Owner
#1772411 RESOLVED Policy Compliance Opened 2022-06-02 · Closed 2024-05-09 · 49% similar
NAVER Cloud Trust Services: Failure to Respond to May 2022 Survey
AI Summary CA Owner
#1525082 RESOLVED Policy Compliance Opened 2019-02-04 · Closed 2022-11-14 · 49% similar
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
AI Summary CA Owner
#1706976 RESOLVED Policy Compliance Opened 2021-04-22 · Closed 2022-11-14 · 49% similar
Google Trust Services: Out-of-date CPS disclosure
AI Summary CA Owner
#1713976 RESOLVED Policy Compliance Opened 2021-06-02 · Closed 2023-02-22 · 49% similar
Amazon Trust Services: CP/CPS does not specify key compromise methods
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action