← Microsoft Corporation cases
Bugzilla #1879552
Certificate Problem Report
Microsoft PKI Services: OCSP Responder does not know a Certificate
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft PKI Services encountered an issue where their OCSP responder did not recognize a certificate. The problem was first reported by Mozilla on February 8, 2024, prompting an investigation. It was determined that a new instance of their tools, referred to as 'Z4', was the source of the issue, leading to the identification of 101 certificates that were not known to the OCSP. Microsoft took corrective actions, including suspending the issuance of certificates from the problematic instance and ensuring all impacted certificates were uploaded to the OCSP responder by February 14, 2024. The case has since been resolved.
Chronology
- Instance 'Z4' of MS PKI Tools went live.
- MS PKI Services notified by Mozilla about unknown certificate.
- Suspended operation of Z4 instance.
- All impacted certificates uploaded to OCSP responder.
Participants
John Mason
External References
Similar Local Cases
Microsoft PKI Services: Underscore in SAN
Microsoft PKI Services: Unrevoked 4 intermediate certificates
Microsoft PKI Services: "unknown" OCSP response for issued certificates
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions)
Microsoft PKI Services: Malformed ICAs (Key Usage Malformed)
Microsoft: improper disclosure of CRL
Microsoft PKI Services: Invalid Email Address for CPRs
Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy