← Microsoft Corporation cases
Bugzilla #1718991 Certificate Problem Report

Microsoft PKI Services: Malformed ICAs (Key Usage Malformed)

RESOLVED FIXED Microsoft Corporation
AI Summary

Microsoft PKI Services identified four Intermediate CAs that were mis-issued due to malformed Key Usage extensions. The issue was discovered on June 24, 2021, during a manual inspection of newly created certificates. The affected certificates were revoked shortly after issuance, and the root cause was traced to the configuration of internal software tools used for certificate template creation. Remediation steps have been implemented to prevent similar issues in the future.

Model: gpt-4o-mini Generated: 2026-06-13 21:16 UTC Confidence: 0.90
Chronology
  1. Four Intermediate CA certificates issued and identified as malformed during inspection.
  2. Certificates revoked and template configuration corrected.
  3. All planned remediations completed.
Participants
John Mason Ryan Sleevi Kathleen Wilson
External References
Original Bugzilla Case www.microsoft.com
Similar Local Cases
#1705419 RESOLVED Certificate Problem Report Opened 2021-04-15 · Closed 2023-02-22 · 70% similar
Microsoft PKI Services: Underscore in SAN
AI Summary CA Owner
#1740585 RESOLVED Certificate Problem Report Opened 2021-11-10 · Closed 2024-05-09 · 69% similar
Microsoft PKI Services: Unrevoked 4 intermediate certificates
AI Summary CA Owner
#1598390 RESOLVED Certificate Problem Report Opened 2019-11-21 · Closed 2024-05-09 · 69% similar
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
AI Summary CA Owner
#1793443 RESOLVED Certificate Problem Report Opened 2022-10-03 · Closed 2024-05-09 · 67% similar
Microsoft PKI Services: "unknown" OCSP response for issued certificates
AI Summary CA Owner
#1711147 RESOLVED Certificate Problem Report Opened 2021-05-13 · Closed 2023-02-22 · 63% similar
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions)
AI Summary CA Owner
#1586847 RESOLVED Certificate Problem Report Opened 2019-10-07 · Closed 2024-05-09 · 62% similar
Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
AI Summary CA Owner
#1879552 RESOLVED Certificate Problem Report Opened 2024-02-09 · Closed 2024-03-29 · 57% similar
Microsoft PKI Services: OCSP Responder does not know a Certificate
AI Summary CA Owner
#1604124 RESOLVED Certificate Problem Report Opened 2019-12-16 · Closed 2023-02-22 · 57% similar
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action