← Autoridad de Certificación (ANF AC) cases

ANF AC: 2026 Audit Report Finding 2 out of 3 — CPS OCSP URL not published

ASSIGNED Autoridad de Certificación (ANF AC)

This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.

AI Summary

This case reports an audit finding for ANF AC related to its Certification Practice Statement (CPS). During the annual ETSI EN 319 411-1 conformity assessment audit, it was identified that the CPS (OID 1.3.6.1.4.1.18332.1.9.1.1, version 3.11) contained a URL for additional OCSP information that was not published on the corporate website at the time. The finding was treated as a non-conformity against ETSI EN 319 411-1, REQ REV-6.2.4-01, because the CPS referred users and subscribers to a web address that did not resolve to the indicated information. ANF AC stated the issue was documentary and related to web publication, and that no issued certificates, OCSP responses, or CRLs were affected. ANF AC restored the OCSP informational page on 2026-03-30 so the URL referenced in the CPS resolved correctly again, and it concluded no CPS text modification was necessary. The preventive action completed on 2026-04-24 included updating and maintaining a Git-versioned inventory of corporate website URLs to improve coordination between teams.

Model: gpt-5.4-nano Generated: 2026-06-19 19:21 UTC Revised: 2026-06-19 19:21 UTC Confidence: 0.86 1 comment

Chronology

2025-11-28 ANF AC migrated its corporate website, and the OCSP informational page referenced by the CPS URL was no longer published.
2026-03-30 ANF AC restored the OCSP informational page so the CPS-referenced URL resolved correctly again after the audit identified the issue.
2026-04-24 ANF AC completed preventive action by updating and maintaining a Git-versioned inventory of corporate website URLs.

Thread Activity

2026-06-15 yulier.nunez@anf.es — Filed a full incident report describing an ETSI audit non-conformity where the CPS referenced an OCSP information URL that did not resolve to the intended content, and documented restoration and preventive actions.

Participants

yulier.nunez@anf.es

External References

Original Bugzilla Case

Similar Local Cases

#2047581 ASSIGNED Audit Finding Policy Document Issue Cp Cps Document Opened 2026-06-15 Still Open · 82% similar

ANF AC: 2026 Audit Report Finding 3 out of 3

AI Summary CA Owner

#1974325 RESOLVED Incident Self Reported Incident Opened 2025-06-26 · Closed 2025-07-16 · 67% similar

ANF AC: Test Certificates Non-Compliance

AI Summary CA Owner

#1970565 RESOLVED Audit Finding Self Reported Incident Opened 2025-06-05 · Closed 2025-07-08 · 61% similar

ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website

AI Summary CA Owner

#2047579 ASSIGNED Incident Problem Reporting Failure Self Assessment Opened 2026-06-15 Still Open · 60% similar

ANF AC: 2026 Audit Report Finding 1 out of 3

AI Summary CA Owner

#1838864 RESOLVED Incident Opened 2023-06-16 · Closed 2023-07-14 · 58% similar

Firmaprofesional: Failure to Respond to April 2023 Survey

AI Summary CA Owner

#1973236 RESOLVED Incident Policy Document Issue Self Reported Incident Opened 2025-06-20 · Closed 2025-07-09 · 58% similar

ANF AC: Delayed Disclosure of Updated Policy Documents in CCADB

AI Summary CA Owner

#1604124 RESOLVED Ca Certificate Compliance Incident Self Reported Incident Opened 2019-12-16 · Closed 2023-02-22 · 50% similar

Microsoft DSRE PKI: problem reporting e-mail in CPS does not work

AI Summary CA Owner

#1705904 RESOLVED Policy Document Issue Self Reported Incident Opened 2021-04-17 · Closed 2023-02-22 · 50% similar

KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains

AI Summary CA Owner