← GlobalSign nv-sa cases
Bugzilla #1919304
Certificate Problem Report
GlobalSign: Caching headers inaccurate for subset of CRLs
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign identified an issue with inaccurate HTTP caching headers for a subset of Certificate Revocation Lists (CRLs) published through their Atlas platform. This problem occurred between August 22 and September 13, 2024, affecting CRLs for 185 CAs. Clients using conditional GET requests may have received outdated responses during this period. The root cause was traced to a bug in the update process that prevented the correct HTTP headers from being applied. Remedial actions have been implemented, including updates to the QA process and monitoring enhancements.
Chronology
- Updates performed to first CRL server; incorrect caching headers published.
- Issue identified and escalation to compliance team.
- Monitoring extended to cover HTTP headers.
- Updates to QA process completed.
- Case scheduled for closure.
Participants
christophe.bonjean@globalsign.com
bwilson@mozilla.com
External References
Similar Local Cases
GlobalSign: Failure to revoke key-compromised certificate within 24 hours
GlobalSign: OCSP Status HTTP 530
GlobalSign: EV TLS certificate with only metadata in JOI State field
GlobalSign: CRLs reported in CCADB unavailable
GlobalSign: AT&T Insufficient Serial Number Entropy
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold”
Bug in GlobalSign Certificate Centre not populating EKUs in 68 SSL certificates
GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName