← Microsoft Corporation cases
Bugzilla #1962830 Certificate Problem Report

Microsoft PKI Services: Subscriber certificate change made that was not compliant with CPS

RESOLVED FIXED Microsoft Corporation
AI Summary

Microsoft PKI Services made a configuration change that removed the OCSP URI from Subscriber certificates issued by four publicly trusted TLS Issuing CAs, which did not comply with the active Certificate Practice Statement (CPS) at the time. This non-compliance was identified on April 25, 2025, and all impacted certificates were revoked the same day. The incident stemmed from a lack of defined requirements to review the CPS before implementing changes, leading to a race condition between the CA change and the CPS update. Remediation steps have been implemented to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:19 UTC Confidence: 0.95
Chronology
  1. Non-compliance began with the issuance of certificates without OCSP URI.
  2. New CPS version allowing OCSP URI to be optional was published.
  3. Non-compliance was identified and all impacted certificates were revoked.
Participants
Microsoft PKI Services u654666@disabled.tld
External References
Original Bugzilla Case www.microsoft.com www.microsoft.com
Similar Local Cases
#1944436 RESOLVED Certificate Problem Report Opened 2025-01-28 · Closed 2025-04-03 · 61% similar
Microsoft PKI Services: Subject Key Identifiers in Some Subscriber Certificates Do Not Comply with RFC 5280
AI Summary CA Owner
#1884461 RESOLVED Certificate Problem Report Opened 2024-03-08 · Closed 2024-05-20 · 59% similar
Microsoft PKI Services: CA Certificates not published in DER Encoded Format
AI Summary CA Owner
#1962829 RESOLVED Certificate Problem Report Opened 2025-04-26 · Closed 2026-04-26 · 58% similar
Microsoft PKI Services: Policy document bug
AI Summary CA Owner
#1990801 RESOLVED Certificate Problem Report Opened 2025-09-25 · Closed 2025-11-03 · 57% similar
Microsoft: improper disclosure of CRL
AI Summary CA Owner
#1842121 RESOLVED Certificate Problem Report Opened 2023-07-07 · Closed 2023-09-29 · 57% similar
Microsoft PKI Services: CRL Publication Failures
AI Summary CA Owner
#1904257 RESOLVED Certificate Problem Report Opened 2024-06-23 · Closed 2024-06-30 · 56% similar
Microsoft PKI Services: Invalid Email Address for CPRs
AI Summary CA Owner
#2008847 RESOLVED Certificate Problem Report Opened 2026-01-06 · Closed 2026-02-17 · 53% similar
Microsoft PKI Services: Sample Site Certificates expired
AI Summary CA Owner
#1705419 RESOLVED Certificate Problem Report Opened 2021-04-15 · Closed 2023-02-22 · 53% similar
Microsoft PKI Services: Underscore in SAN
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action