← Chunghwa Telecom cases
Bugzilla #2005762
Certificate Problem Report
Chunghwa Telecom: Failure to respond to CPR within 24 hours
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom failed to respond to a Certificate Problem Report (CPR) regarding the incorrect formatting of a CA certificate within the required 24-hour timeframe, violating the Baseline Requirements (BR) 4.9.5. The incident was identified on December 12, 2025, after a third-party report highlighted the delay. The CA acknowledged the procedural non-compliance and has since revised its internal processes to ensure timely responses in the future. All action items related to this incident have been completed, and the CA is committed to adhering to Web PKI standards.
Chronology
- Received a third-party notification about CA Certificates Published in PEM format.
- Started the incident investigation.
- Preliminary Incident Report emailed to the Third Party.
- Implemented updated procedures and training.
- Final call for comments before case closure.
Participants
Tsung-Min Kuo
External References
Similar Local Cases
Chunghwa Telecom: Test Website certificate not revoked
Chunghwa Telecom: Issuance of certificate using keys previously reported as compromised
Chunghwa Telecom: “Test Website - Valid" URL disclosed to CCADB is expired
Chunghwa Telecom: CA Certificates Published in PEM format
Chunghwa Telecom: Failure to check restrictive CAA record during Migration
Chunghwa Telecom: OV TLS Server certificate issuance by GTLSCA without proper validation
Chunghwa Telecom: Controversial Values within Extension (2.5.29.9, subjectDirectoryAttributes)
Chunghwa Telecom: TLS Certificates Contains two LocalityName Values in SubjectDN by GTLSCA