← SwissSign AG cases
Bugzilla #1815466
Certificate Problem Report
SwissSign: CRL/OCSP revocation time mismatch
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported a discrepancy between the revocation times displayed by their Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) responses. This issue arose due to differing database fields being read by the CRL generator and OCSP responder, leading to a mismatch in revocation times for 1,446 revoked certificates. The CA confirmed that certificate issuance was not affected, and a hotfix was implemented to align the revocation times on February 13, 2023. The bug was resolved on April 19, 2023.
Chronology
- Developer detects the bug and informs compliance team
- Bug confirmed, classified as compliance incident
- Hotfix implemented to align revocation times
- Bug resolved
Participants
Roman Fischer
External References
Similar Local Cases
SwissSign: Invalid CT data in issued certs (SABRE.CT misconfiguration)
SwissSign: Certificate Profile error for S/MIME MV
SwissSign: OCSP outage
SwissSign: Certificate issue with Signature
SwissSign: CP/CPS certificate profile issue
SwissSign: 'c/o' in streetAddress of EV certificate
SwissSign: OCSP responder unreachable
SwissSign: Error in OrganisationIdentifier in signature/seal certificate