← DarkMatter LLC cases
Bugzilla #1733000
Certificate Problem Report
QuoVadis: revocation services validity set to expected value plus one second
RESOLVED
FIXED
DarkMatter LLC
AI Summary
The QuoVadis CA identified an issue where their OCSP and CRL responses were valid for one second longer than specified due to a misconfiguration in their EJBCA settings. This discrepancy was brought to their attention by GTS, leading to an investigation and subsequent updates to their Certificate Practice Statement (CPS). The CA has ceased issuing responses that exceed the defined validity period and has taken steps to correct the underlying software configuration. The issue has been resolved, and the CPS has been amended accordingly.
Chronology
- Notified by GTS about OCSP responses being valid for 48 hours plus one second.
- CPS updated and approved to reflect accurate revocation service timing.
- Confirmation of resolution and plans for future software updates.
Participants
Stephen Davidson
External References
Similar Local Cases
QuoVadis / PKIoverheid: incorrect OCSP response for precertificate
QuoVadis: hostnames not in preferred name syntax
QuoVadis: LLB insufficient Serial Number Entropy
QuoVadis: Failure to revoke within 7 days: OCSP EKU issue
QuoVadis: N/A in EV serialNumber field
QuoVadis: OCSP handling of Certificate Transparency Pre-certs
QuoVadis: Incorrect EV jurisdiction of incorporation information
QuoVadis: failure to reply to CPR in a timely manner