← Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) cases
Bugzilla #1889062
Delayed Revocation
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints
CLOSED
FIXED
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))
AI Summary
Global Digital Cybersecurity Authority Co., Ltd. (GDCA) issued 20 SSL/TLS certificates with Non-critical Basic Constraints between September 15 and October 8, 2023. Thirteen of these certificates were not revoked within the required 5-day period after a Certificate Problem Report was received, violating section 4.9.1.1 of the Baseline Requirements. The delay was attributed to the complexity of the revocation process for government entities and insufficient contact information for timely communication. GDCA has since implemented several remediation measures, including establishing a rapid response team and revising their Subscriber Agreement to ensure compliance with revocation timelines.
Chronology
- First problematic certificate issued.
- Last problematic certificate issued.
- Certificate problem report received.
- All problematic certificates revoked.
Participants
capoc@gdca.com.cn
bwilson@mozilla.com
mike.shaver@gmail.com
External References
Similar Local Cases
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
NETLOCK: Bug 1891331 replacement - delayed revocation -
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
FIRMAPROFESIONAL: Delayed leaf revocation
Telekom Security: Delayed Revocations of Sub-CA certificates
Chunghwa Telecom: Delayed revocation for bug 1951415