← Actalis cases
Bugzilla #1718554
Delayed Revocation
Actalis: Delayed revocation of non-BR-compliant CA Certificate within 7 days
RESOLVED
FIXED
Actalis
AI Summary
Actalis faced a situation where they delayed the revocation of a non-BR-compliant Subordinate CA certificate, which was supposed to be revoked within 7 days of identification. The delay was due to the critical role of the certificate in the Italian national certified email system (PEC), which is used for legally significant communications. Actalis has since implemented measures to cease TLS certificate issuance under the affected CA and is working on replacing the CA with a compliant version. The case has been resolved with a commitment to prevent future occurrences.
Chronology
- Actalis identified the need to revoke a non-BR-compliant CA certificate.
- Discussion on the implications of the delay and the need for corrective actions.
- Case closed by Mozilla.
Participants
Adriano Santoni
Ryan Sleevi
Federico Ciofi
Brett Wilson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
NetLock: Delayed revocation report connected to ticket 1680378
KIR S.A.: Delayed revocations of certificates
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma: Delayed revocations related to Invalid stateOrProvinceName field
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue