← China Financial Certification Authority (CFCA) cases
Bugzilla #1778035 Certificate Problem Report

CFCA: The wrong status of OCSP

RESOLVED FIXED China Financial Certification Authority (CFCA)
AI Summary

The China Financial Certification Authority (CFCA) reported an issue with the Online Certificate Status Protocol (OCSP) where some cache data was not synchronized following an update in May. This led to an abnormal OCSP status affecting approximately 14 certificates from May 5 to June 15, 2022. CFCA took corrective actions by updating their systems, and the issue was resolved. They have since implemented measures to enhance their testing methods and are developing a linting tool to prevent future mis-issuances.

Model: gpt-4o-mini Generated: 2026-06-13 21:25 UTC Confidence: 0.90
Chronology
  1. Received report about a wrongly issued certificate.
  2. Replaced the wrongly issued certificate and revoked it.
  3. Updated the test system to fix the OCSP issue.
  4. Applied ZLint service for certificate issuance.
Participants
bixinlong@cfca.com.cn gaofei@cfca.com.cn bwilson@mozilla.com ryandickson@google.com
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1809382 RESOLVED Certificate Problem Report Opened 2023-01-10 · Closed 2023-09-29 · 56% similar
CFCA: Certificate with wrong crlDistributionPoints
AI Summary CA Owner
#1738207 RESOLVED Certificate Problem Report Opened 2021-10-28 · Closed 2023-02-22 · 56% similar
Telia: Issued three precertificates with non-NIST EC curve
AI Summary CA Owner
#1886135 RESOLVED Certificate Problem Report Opened 2024-03-19 · Closed 2024-09-26 · 55% similar
CFCA: certificate basicConstraints extension not marked as critical
AI Summary CA Owner
#1801345 RESOLVED Certificate Problem Report Opened 2022-11-18 · Closed 2023-07-21 · 55% similar
E-Tugra: Incident Report (Security Issues)
AI Summary CA Owner
#1886110 RESOLVED Certificate Problem Report Opened 2024-03-19 · Closed 2025-02-14 · 54% similar
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
AI Summary CA Owner
#1802845 RESOLVED Certificate Problem Report Opened 2022-11-28 · Closed 2023-09-29 · 53% similar
CFCA: EV certificate with wrong PostalCode&Street
AI Summary CA Owner
#1532559 RESOLVED Certificate Problem Report Opened 2019-03-05 · Closed 2023-02-22 · 53% similar
CFCA: Wrong SerialNumber encoding
AI Summary CA Owner
#1798812 RESOLVED Certificate Problem Report Opened 2022-11-02 · Closed 2023-05-04 · 52% similar
CFCA: Delayed reporting of revocation of an intermediate CA certificate
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action