← IdenTrust Services, LLC cases
Bugzilla #1772633
Technical Compliance
IdenTrust: OCSP responses for subordinate CA exceed the validity period per CPS guidelines
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust identified a compliance issue where OCSP response validity periods for 14 subordinate CAs exceeded the guidelines set forth in their TrustID CPS. The discrepancy was discovered during an internal review, leading to an investigation that confirmed the OCSP responses were valid for longer than the allowed 24 hours. IdenTrust promptly updated their CPS to rectify the issue, publishing the revised document on May 27, 2022. The situation is now considered resolved as the updated CPS aligns with compliance requirements.
Chronology
- Internal message identified discrepancy in OCSP response validity.
- Investigation confirmed multiple subordinate CA OCSP responders were affected.
- Initiated CPS update process.
- Published updated TrustID CPS.
Participants
IdenTrust
Mozilla
External References
Similar Local Cases
Certainly: Root CRL validity period exceeds maximum by one second
Google Trust Services: OCSP responses not published in a timely manner
Google Trust Services: CRL validity period set to expected value plus one second
GDCA: CRL validity period exceeds allowed value by one second
Microsoft PKI Services: 3-Month Access Review Process Failure
Sectigo: CRL validity beyond CPS allowed value
Entrust: Non-BR-Compliant OCSP Responder
Amazon Trust Services: CRL not DER-encoded