← Microsoft Corporation cases
Bugzilla #1965612
Certificate Problem Report
Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829
IN PROGRESS
FIXED
Microsoft Corporation
AI Summary
Microsoft PKI Services has faced challenges in revoking certificates in a timely manner, specifically failing to revoke certain certificates within the required five-day period as mandated by the Baseline Requirements. The incident was triggered by a typographical error in the Certificate Policy document, which led to confusion regarding the status of key usages in Subscriber certificates. As of the latest updates, Microsoft has revoked over 15 million certificates but still has approximately 31,000 active certificates pending revocation. The company has committed to completing all revocations by March 6, 2026, and is implementing measures to improve its certificate lifecycle management and revocation processes.
Chronology
- Preliminary Incident Report opened.
- Initial target date for revocation completion.
- Updated revocation status report issued.
- Final target date for all remaining revocations.
Participants
CentralPKI@microsoft.com
chrome-root-program@google.com
bwilson@mozilla.com
rdaurne77@gmail.com
malcolm.doody@gmail.com
aaron@letsencrypt.org
stephan@verbuecheln.ch
lijun.liao@gmail.com
External References
Similar Local Cases
Microsoft PKI Services: Failure to Update Full Incident Report within 14 days of discovering new root cause
Microsoft PKI Services: Subject Key Identifiers in Some Subscriber Certificates Do Not Comply with RFC 5280
Microsoft PKI Services: Sample Site Certificates expired
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
Microsoft PKI Services: Improper Disclosure of CRLs – IDP – New CAs
Microsoft PKI Services: Failure to report within 72 hrs - Sample Site Certs Expired
Microsoft PKI Services: Failure to publish Full Incident Report for Bugzilla 2021175 within 14 days