← Netlock cases
Bugzilla #1979287
Policy Compliance
NETLOCK: Expired Test Website Certificate
RESOLVED
FIXED
Netlock
AI Summary
NETLOCK Kft. faced a compliance issue when their test webpage intended for revoked certificates was found to be serving an expired certificate instead. This misconfiguration violated the CA/Browser Forum Baseline Requirements, specifically Section 2.2, which mandates that CAs must host test pages for valid, revoked, and expired certificates. The issue was identified by the Chrome Root Program, leading to a swift internal investigation and remediation plan. NETLOCK has since corrected the issue by replacing the expired certificate with a properly revoked one and implemented preventive measures to avoid future occurrences.
Chronology
- Issue discovered by Chrome Root Program
- Root cause identified and remediation plan implemented
- Preventive measures finalized
- Closure summary provided
Participants
Roland Kaluha
bsmith@cabbage.org.uk
External References
Similar Local Cases
NETLOCK: CA/Browser Forum TLS BR Non-compliance
NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe
NETLOCK: Transition Plan for Mozilla Root Store Policy 7.5 by Deadline
NETLOCK: Missing Related Incidents section in the bug report
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
NetLock: Cumulative report connected to EV verification
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
NETLOCK: CPS 1.5.2. problem and contact information update