← Certainly LLC cases
Bugzilla #1798053 Certificate Problem Report

Certainly: Serving Bad OCSP Responses

RESOLVED FIXED Certainly LLC
AI Summary

Certainly LLC experienced an incident where their OCSP service returned 'unauthorized' responses for valid certificates. The issue was identified on October 24, 2022, during testing of a new monitoring tool. A series of fixes were implemented, restoring correct OCSP responses for approximately 50,000 certificates by October 25. The root cause was a change in serial number prefixes that was not properly configured, leading to unauthorized responses. Remediation steps have been completed, and monitoring continues to ensure no recurrence.

Model: gpt-4o-mini Generated: 2026-06-13 21:27 UTC Confidence: 0.90
Chronology
  1. Incident declared after unauthorized OCSP responses detected.
  2. Correct OCSP responses restored for all certificates.
  3. Remediation of the incident completed.
Participants
Wayne Thayer bwilson@mozilla.com
External References
Original Bugzilla Case
Similar Local Cases
#1771238 RESOLVED Certificate Problem Report Opened 2022-05-25 · Closed 2023-02-22 · 64% similar
Certainly: Serving Expired OCSP Responses
AI Summary CA Owner
#1900129 RESOLVED Certificate Problem Report Opened 2024-05-31 · Closed 2024-06-28 · 61% similar
Certainly: Serving invalid or incomplete CRLs
AI Summary CA Owner
#1954889 RESOLVED Certificate Problem Report Opened 2025-03-19 · Closed 2025-03-28 · 57% similar
Certainly: Early CRL Entry Removal
AI Summary CA Owner
#1752452 RESOLVED Certificate Problem Report Opened 2022-01-28 · Closed 2023-02-22 · 56% similar
Certainly: TLS Using ALPN TLS Version and OID
AI Summary CA Owner
#1486650 RESOLVED Certificate Problem Report Opened 2018-08-27 · Closed 2023-02-22 · 53% similar
Let's Encrypt: OCSP "unauthorized" responses
AI Summary CA Owner
#1968836 RESOLVED Certificate Problem Report Opened 2025-05-28 · Closed 2025-08-26 · 51% similar
Certainly: Sample Websites Unavailable
AI Summary CA Owner
#1605372 RESOLVED Certificate Problem Report Opened 2019-12-20 · Closed 2023-02-22 · 51% similar
GlobalSign: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request
AI Summary CA Owner
#1954861 RESOLVED Certificate Problem Report Opened 2025-03-18 · Closed 2025-04-09 · 49% similar
Let's Encrypt: Early CRL Removal Incident
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action