← Government of Hong Kong (SAR), Hongkong Post, Certizen cases
Bugzilla #1887008 Certificate Problem Report

Hongkong Post: TLS certificates with basicConstraints not marked as critical

RESOLVED FIXED Government of Hong Kong (SAR), Hongkong Post, Certizen
AI Summary

Hongkong Post issued TLS certificates with the basicConstraints extension present but without the required critical flag, violating BR 7.1.2.7.6. This issue was identified during an investigation linked to another bug report. A total of 46 affected certificates were issued since the effective date of the new requirement on September 15, 2023. Although there were no disruptions to services, the certificates needed to be revoked and replaced. The root cause was traced to a system bug in the certificate issuance process, which has since been addressed.

Model: gpt-4o-mini Generated: 2026-06-13 21:25 UTC Confidence: 1.00
Chronology
  1. BR for TLS 2.0.0 became effective.
  2. Notified about TLS certificates issued without the critical flag.
  3. Identified the system bug causing the issue.
  4. All affected certificates were revoked.
Participants
Man Ho
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1886406 RESOLVED Certificate Problem Report Opened 2024-03-20 · Closed 2024-08-28 · 61% similar
Hongkong Post: TLS certificates with Certificate Policies extension that does not assert http scheme
AI Summary CA Owner
#2032063 ASSIGNED Certificate Problem Report Opened 2026-04-15 Still Open · 60% similar
Hongkong Post: Certificates with invalid embedded SCT signature
AI Summary CA Owner
#1804843 RESOLVED Certificate Problem Report Opened 2022-12-09 · Closed 2023-04-19 · 59% similar
Hongkong Post: Subject CN converted to Unicode representation incident
AI Summary CA Owner
#1267332 RESOLVED Certificate Problem Report Opened 2016-04-25 · Closed 2022-11-14 · 58% similar
Hongkong Post e-Cert CA 1 - 10 issuing certificates without subject alternative name extension
AI Summary CA Owner
#1886722 RESOLVED Certificate Problem Report Opened 2024-03-21 · Closed 2024-08-28 · 58% similar
Hongkong Post: Delayed response to CPR
AI Summary CA Owner
#1885132 RESOLVED Certificate Problem Report Opened 2024-03-13 · Closed 2024-07-12 · 45% similar
TWCA: TLS certificates with non-critical basicConstraints
AI Summary CA Owner
#1888104 RESOLVED Certificate Problem Report Opened 2024-03-27 · Closed 2024-07-11 · 45% similar
Disig: TLS certificate with basicConstraints not marked as critical
AI Summary CA Owner
#1722089 RESOLVED Certificate Problem Report Opened 2021-07-23 · Closed 2023-02-22 · 44% similar
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action