Bugzilla #1957140
Certificate Problem Report
SSL.com: "unknown" OCSP response for issued certificates
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com experienced an issue with their OCSP responders returning 'unknown' status for 67 certificates, violating their CPS policy on online revocation checking. The problem was reported by a third party and was traced back to intermittent failures in inserting newly issued certificates into the CA database due to high-rate requests. SSL.com has since resolved the immediate issue and is working with their CA vendor to identify the root cause and implement a permanent fix. A full incident report has been provided, detailing the timeline and actions taken.
Chronology
- First instance of a certificate missing from the CA database.
- Certificate Problem Report received regarding OCSP errors.
- Non-compliance issue resolved.
- Incident Closure Summary posted.
Participants
secauditor@ssl.com
rebeccak@ssl.com
luisc@ssl.com
james8704@proton.me
rowleylaw@gmail.com
jrmoir@protonmail.com
incident-reporting@ccadb.org
Similar Local Cases
SSL.com: DCV bypass and issue fake certificates for any MX hostname
SSL.com: Incorrect Open MPIC Lambda implementation by EJBCA ACME Service
SSL.com: CAA Empty set handling results in Wildcard issuance
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list.
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
Certigna: Multiple Reserved Certificate Policy Identifiers in CA certificates
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate