← Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) cases
Bugzilla #1947207
Policy Compliance
FNMT: Incorrect publication of information for Test Website - Valid
RESOLVED
FIXED
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)
AI Summary
The FNMT reported an incident regarding the incorrect publication of information for its test websites, which were found to be protected by expired certificates. This situation constituted a breach of compliance with CA/Browser Forum TLS BR requirements. The issue arose due to a bug that caused the web cluster to balance to a passive node that had not been updated. The FNMT has since implemented a monitoring system and revised its certificate renewal procedures to prevent future occurrences.
Chronology
- New valid test certificates issued.
- Bug caused active certificates to appear expired.
- Preliminary incident report posted.
- Incident report closure summary provided.
Participants
Amaya Espinosa
Mozilla Team
External References
Similar Local Cases
FNMT: CP/CPS lack CAA processing details
NETLOCK: CA/Browser Forum TLS BR Non-compliance
NETLOCK: Expired Test Website Certificate
ANF AC: Test Certificates Non-Compliance
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Microsoft PKI Services: Firewall log data retention
Asseco DS / Certum: Use of forbidden subjectPublicKeyInfo algorithm
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots