← Taiwan-CA Inc. (TWCA) cases
Bugzilla #1716670
CCADB Compliance
TWCA: Intermediate CA Certificate Missing from Audit Reports
RESOLVED
FIXED
Taiwan-CA Inc. (TWCA)
AI Summary
The case addresses the issue of TWCA's WebTrust audit reports not listing the TWCA Global Root CA certificate. TWCA acknowledged the oversight and committed to correcting the issue in future audit reports. The certificate was omitted from the 2020 audit report, which raised concerns about compliance with Mozilla's requirements. TWCA has since updated their audit reports to include the missing certificate and has implemented measures to prevent similar issues in the future.
Chronology
- WebTrust audit completed.
- Audit reports received, missing cross-signed CA certificate noticed.
- TWCA became aware of the bug and started investigation.
- Updated audit reports created including the missed CA certificate.
- CCADB record updated to reflect changes.
Participants
Ben Wilson
Hao-Chun Li
External References
Similar Local Cases
SECOM: Intermediate CA Certificates Missing from Audit Reports
Sectigo: Inadequate vulnerability scanning and patching
eMudhra: Failure to Respond to May 2022 Survey
Microsec: ALV Failures
Netlock: Failure to Provide Weekly Updates
Amazon Trust Services: Overdue audit statements for intermediate certificates
Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL
Firmaprofesional: 2021 Audit Report Finding 3 out of 3