← Microsoft Corporation cases
Bugzilla #1999850 Certificate Problem Report

Microsoft PKI Services: OCSP Non-Compliance

ASSIGNED Microsoft Corporation
AI Summary

Microsoft PKI Services encountered an issue during the migration of their OCSP traffic to a new infrastructure. On November 10, 2025, it was discovered that OCSP responses included fractional seconds in critical fields, leading to TLS handshake failures for some relying parties. This non-compliance with RFC 5280 prompted a rollback to the legacy OCSP infrastructure, which has known compliance gaps. Microsoft is actively working to resolve the issue and plans to migrate back to the new infrastructure by June 30, 2026.

Model: gpt-4o-mini Generated: 2026-06-13 21:24 UTC Confidence: 0.90
Chronology
  1. Migration to new OCSP infrastructure started
  2. Incident reported related to certificate validation errors
  3. Traffic moved back to legacy OCSP infrastructure
  4. Root cause confirmed as presence of fractional seconds
  5. Target date for migration to new infrastructure
Participants
CentralPKI@microsoft.com
External References
Original Bugzilla Case www.rfc-editor.org cabforum.org
Similar Local Cases
#2009543 RESOLVED Certificate Problem Report Opened 2026-01-10 · Closed 2026-02-09 · 57% similar
Microsoft PKI Services: Improper Disclosure of CRLs – Does Not Match CA Subject
AI Summary CA Owner
#2009539 RESOLVED Certificate Problem Report Opened 2026-01-10 · Closed 2026-02-17 · 57% similar
Microsoft PKI Services: Improper Disclosure of CRLs – IDP – Existing CAs
AI Summary CA Owner
#2008847 RESOLVED Certificate Problem Report Opened 2026-01-06 · Closed 2026-02-17 · 57% similar
Microsoft PKI Services: Sample Site Certificates expired
AI Summary CA Owner
#1974592 RESOLVED Certificate Problem Report Opened 2025-06-28 · Closed 2025-08-30 · 57% similar
Microsoft PKI Services: Pre-Sign Linting Validation did not occur in ICA creation
AI Summary CA Owner
#2009541 RESOLVED Certificate Problem Report Opened 2026-01-10 · Closed 2026-02-11 · 56% similar
Microsoft PKI Services: Failure to report within 72 hrs - Sample Site Certs Expired
AI Summary CA Owner
#2007221 RESOLVED Certificate Problem Report Opened 2025-12-20 · Closed 2026-03-02 · 56% similar
Microsoft PKI Services: Improper Disclosure of CRL
AI Summary CA Owner
#2009545 RESOLVED Certificate Problem Report Opened 2026-01-10 · Closed 2026-02-11 · 55% similar
Microsoft PKI Services: Improper Disclosure of CRLs – Protocol Scheme
AI Summary CA Owner
#2009542 RESOLVED Certificate Problem Report Opened 2026-01-10 · Closed 2026-02-17 · 55% similar
Microsoft PKI Services: Improper Disclosure of CRLs – IDP – New CAs
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action