Bugzilla #1793441
Technical Compliance
GlobalSign: CRL contains invalid signature algorithm
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign reported an issue where a Certificate Revocation List (CRL) contained an invalid signature algorithm: the CRL specified `sha256WithRSAEncryption` even though it was issued by a CA with an elliptic curve key. The problem was identified following a Bugzilla report, which led to an internal investigation. GlobalSign acknowledged the issue, confirmed that no active certificates were affected, and updated its CRL signing algorithm logic. The updated logic was deployed successfully, resolving the issue.
Chronology
- Bugzilla ticket created and internal SOC ticket initiated.
- GlobalSign confirmed the issue and began investigation.
- Updated CRL logic deployed and confirmed to be functioning correctly.
Participants
Andrew Ayer
Christophe Bonjean
bwilson@mozilla.com
Similar Local Cases
Amazon Trust Services: CRL not DER-encoded
D-TRUST: CRL not DER-encoded
GlobalSign: Cross Certificate with non-conforming CABF Policy OIDs
Certainly: Root CRL validity period exceeds maximum by one second
GoDaddy: inconsistent CP/CPS disclosure
Microsoft PKI Services: 3-Month Access Review Process Failure
GDCA: CRL validity period exceeds allowed value by one second
Apple: CRL issuance frequency deviates from CPS in some cases