← Taiwan-CA Inc. (TWCA) cases
Bugzilla #1885132 Certificate Problem Report

TWCA: TLS certificates with non-critical basicConstraints

RESOLVED FIXED Taiwan-CA Inc. (TWCA)
AI Summary

Taiwan-CA Inc. (TWCA) identified an issue where 75 EV TLS certificates and 16,406 OV TLS certificates were issued with non-critical basicConstraints, violating BR Section 7.1.2.7. The problem was discovered during an investigation related to a previous bug. Although recently issued certificates were not affected, the mis-issuance required immediate action, including customer notifications and certificate replacements. TWCA has since implemented corrective measures, including the integration of pkilint into their issuance process to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 20:52 UTC Confidence: 0.95
Chronology
  1. TLS BR 2.0.0 was published.
  2. TLS BR 2.0.0 became effective.
  3. Compliance team confirmed the issue and started investigation.
  4. Preliminary report posted after discovering the issue.
  5. Internal procedures established and compliance with standards initiated.
  6. pkilint integrated into the CA system.
  7. All action items completed; request to close the bug.
Participants
Hao-Chun Li Chya-Hung Tsai Ryan Dickson Rob Stradling
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1793445 RESOLVED Certificate Problem Report Opened 2022-10-03 · Closed 2023-04-19 · 62% similar
TWCA: "unknown" OCSP response for issued certificates
AI Summary CA Owner
#1883620 RESOLVED Certificate Problem Report Opened 2024-03-05 · Closed 2024-07-03 · 61% similar
TWCA: TLS EV certificates with invalid subject attribute order
AI Summary CA Owner
#1809382 RESOLVED Certificate Problem Report Opened 2023-01-10 · Closed 2023-09-29 · 58% similar
CFCA: Certificate with wrong crlDistributionPoints
AI Summary CA Owner
#1884568 RESOLVED Certificate Problem Report Opened 2024-03-10 · Closed 2025-02-14 · 58% similar
TWCA: Revocation delay for EV TLS certificates with invalid subject attribute order
AI Summary CA Owner
#1848240 RESOLVED Certificate Problem Report Opened 2023-08-10 · Closed 2023-11-02 · 57% similar
TWCA: Undisclosed CA
AI Summary CA Owner
#1888104 RESOLVED Certificate Problem Report Opened 2024-03-27 · Closed 2024-07-11 · 56% similar
Disig: TLS certificate with basicConstraints not marked as critical
AI Summary CA Owner
#1796803 RESOLVED Certificate Problem Report Opened 2022-10-21 · Closed 2023-02-22 · 56% similar
Sectigo: Issuance of ECC leaf certificates with non-DER encoded keyUsage
AI Summary CA Owner
#1886110 RESOLVED Certificate Problem Report Opened 2024-03-19 · Closed 2025-02-14 · 55% similar
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action