Bugzilla #1711147
Certificate Problem Report
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions)
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft PKI Services identified eight Intermediate CAs that were mis-issued due to missing certificate policy extensions, violating the Baseline Requirements. The issue was reported by their WebTrust auditor on May 4, 2021. Microsoft promptly acknowledged the issue, revoked the affected certificates, and implemented a post-issuance check using ZLint to prevent future occurrences. They are also working on enhancing their issuance processes, including plans for automated pre-issuance linting by December 2022.
Chronology
- Issue reported to Microsoft PKI Services by auditor.
- Revocation of all eight affected ICAs completed.
- Detailed root cause analysis provided.
- Plans for automated pre-issuance linting confirmed.
Participants
John Mason
Similar Local Cases
Microsoft PKI Services: Underscore in SAN
Microsoft PKI Services: Malformed ICAs (Key Usage Malformed)
Microsoft PKI Services: "unknown" OCSP response for issued certificates
Microsoft PKI Services: Unrevoked 4 intermediate certificates
Microsoft PKI Services: OCSP Responder does not know a Certificate
Microsoft PKI Services: Sample Site Certificates expired
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
Microsoft PKI Services: CA Certificates not published in DER Encoded Format