← iTrusChina Co., Ltd. cases
Bugzilla #1927675
Certificate Problem Report
iTrusChina: CPR was not responded to within 24 hours
RESOLVED
FIXED
iTrusChina Co., Ltd.
AI Summary
iTrusChina failed to respond to a Certificate Problem Report (CPR) regarding potentially mis-issued certificates within the required 24-hour timeframe, violating TLS BRs Section 4.9.5. The delay was attributed to human error and inexperience, as relevant staff did not monitor the CPR email during the weekend. iTrusChina has since implemented a double-check mechanism and trained staff to ensure compliance with CPR response requirements in the future.
Chronology
- Google team emailed iTrusChina about potentially mis-issued certificates.
- iTrusChina responded to the email and began investigation.
- iTrusChina confirmed the delayed response was due to human error.
- Incident report closure summary was provided, confirming completion of action items.
Participants
iTrusChina Co.,Ltd.
Peter Cooper Jr.
Mozilla Team
External References
Similar Local Cases
iTrusChina: CRL Reason Codes
Sectigo: Failure to provide a preliminary report within 24 hours
iTrusChina: verification errors for the roots' CRLs(ARL)
Chunghwa Telecom: “Test Website - Valid" URL disclosed to CCADB is expired
NETLOCK: CPR was not responded to in 24 hours
HARICA: Anomaly in OCSP services after CA software upgrade
DigiCert: Domain used for CRLs and OCSP has expired
NAVER Cloud Trust Services: Failure to respond to CPR within 24 hours