← Open Access Technology International, Inc. (OATI) cases
Bugzilla #2041774
Certificate Problem Report
OATI: AIA CA Issuer field pointing to PEM encoded cert
ASSIGNED
Open Access Technology International, Inc. (OATI)
AI Summary
Open Access Technology International, Inc. (OATI) faced a compliance issue where the Authority Information Access (AIA) CA Issuer field in their TLS certificates pointed to a PEM-encoded file instead of the required DER format. The non-compliance was identified on April 29, 2026, and remediation was completed by republishing the issuer certificate in the correct format on May 21, 2026. The incident was reported by a third party, and while the integrity of the certificate issuance was not affected, OATI acknowledged procedural gaps in their publication processes. They are now implementing improvements to prevent similar issues in the future.
Chronology
- OATI published the Server Issuing CA 2025 file.
- OATI was made aware of the AIA CA Issuer pointer issue.
- OATI acknowledged the issue to the reporter.
- OATI republished the issuer certificate files in DER format.
Participants
rootprogram@oati.net
rdaurne77@gmail.com
mike.shaver@gmail.com
External References
Similar Local Cases
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
Firmaprofesional: Delayed revocation disclosure of TLS Subordinate CA certificate Secure Web 2024 in CCADB
Certigna: AIA CA issuer field pointing to PEM encoded cert
Telia: AIA CA Issuer field pointing to PEM encoded cert
NAVER Cloud Trust Services: CA Certificate not published in DER Encoded Format
Chunghwa Telecom: CA Certificates Published in PEM format
TWCA: CA Certificate not published in DER Encoded Format
NETLOCK: Pre-certificates revoked with certificateHold reason