← China Financial Certification Authority (CFCA) cases
Bugzilla #2005399 Certificate Problem Report

CFCA: DV OCA caIssuers Returns PEM Encoded Certificate (RFC 5280 Section 4.2.2.1 Violation)

RESOLVED FIXED China Financial Certification Authority (CFCA)
AI Summary

The CFCA DV OCA certificate was found to return a PEM encoded certificate instead of the required DER format as specified by RFC 5280. This issue was identified through a community report and has since been resolved by updating the caIssuers link to return the correct DER encoded certificate. A comprehensive review of all subordinate CA certificates was conducted to ensure compliance, and additional validation measures have been implemented to prevent future occurrences. The incident highlights the importance of adhering to RFC specifications and improving internal monitoring processes.

Model: gpt-4o-mini Generated: 2026-06-13 21:35 UTC Confidence: 0.95
Chronology
  1. Non-compliance identified
  2. Remediation completed
  3. Incident report closure requested
Participants
Michael Songxinlei
External References
Original Bugzilla Case crt.sh bugzilla.mozilla.org
Related Bugzilla IDs Mentioned
#2004492 #1637093 #1637854 #1884461 #1914466 #2004668 #2004732
Similar Local Cases
#2009134 RESOLVED Certificate Problem Report Opened 2026-01-08 · Closed 2026-02-18 · 56% similar
CFCA: reporting delayed when handling incident bug #2005399
AI Summary CA Owner
#1886135 RESOLVED Certificate Problem Report Opened 2024-03-19 · Closed 2024-09-26 · 53% similar
CFCA: certificate basicConstraints extension not marked as critical
AI Summary CA Owner
#1802845 RESOLVED Certificate Problem Report Opened 2022-11-28 · Closed 2023-09-29 · 52% similar
CFCA: EV certificate with wrong PostalCode&Street
AI Summary CA Owner
#1532113 RESOLVED Certificate Problem Report Opened 2019-03-03 · Closed 2023-02-22 · 51% similar
CFCA: O > 64 characters
AI Summary CA Owner
#1778035 RESOLVED Certificate Problem Report Opened 2022-07-05 · Closed 2023-04-19 · 51% similar
CFCA: The wrong status of OCSP
AI Summary CA Owner
#1798812 RESOLVED Certificate Problem Report Opened 2022-11-02 · Closed 2023-05-04 · 51% similar
CFCA: Delayed reporting of revocation of an intermediate CA certificate
AI Summary CA Owner
#1809382 RESOLVED Certificate Problem Report Opened 2023-01-10 · Closed 2023-09-29 · 51% similar
CFCA: Certificate with wrong crlDistributionPoints
AI Summary CA Owner
#1532429 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 50% similar
CFCA: Invalid TLD in SAN
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action