← eMudhra Technologies Limited cases
Bugzilla #2048995 Externally Reported Incident Problem Reporting Failure

eMudhra emSign PKI Services :: OCSP Responder Returned "Unauthorized" for Some Pecertificates

UNCONFIRMED eMudhra Technologies Limited
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

The bug contains a preliminary incident report stating that the emSign CA served RFC 6960 OCSP responses with an "Unauthorized" result for three publicly logged precertificates where the final certificates were not issued. The report says these OCSP responses remained available beyond the 15-minute window required by BR §4.9.9, because OCSP status provisioning for failed issuance transactions used a separate workflow not designed to complete within the required timeframe. The report cites CA/Browser Forum TLS Baseline Requirements §4.9.9 and Mozilla Root Store Policy Section 5.4 regarding providing CRL and OCSP services for certificates presumed to exist based on the presence of a pre-certificate. The incident disclosure is described as originating from an external report received via the CA problem reporting mechanism, followed by internal review by the emSign PKI team. No resolution or next steps are stated in the provided thread content.

Model: gpt-5.4-nano Generated: 2026-06-19 19:33 UTC Revised: 2026-06-19 19:35 UTC Confidence: 0.50 1 comment
Chronology
  1. emSign CA OCSP responder returned "Unauthorized" responses for three publicly logged precertificates where final certificates were not issued, and the responses remained available beyond the BR §4.9.9 15-minute window.
Thread Activity
  1. naveen.ml@emudhra.com — Posted a preliminary incident report describing unauthorized OCSP responses for three precertificates, citing BR §4.9.9 and Mozilla Root Store Policy §5.4, and stating the disclosure began from an external problem report followed by internal analysis.
Participants
naveen.ml@emudhra.com
External References
Original Bugzilla Case
Similar Local Cases
#2047843 ASSIGNED Externally Reported Incident Problem Reporting Failure Opened 2026-06-16 Still Open · 74% similar
Certigna: Pre-certificates not recognised by the OCSP responder
AI Summary CA Owner
#2047952 ASSIGNED Externally Reported Incident Problem Reporting Failure Opened 2026-06-16 Still Open · 72% similar
KIR: OCSP responder does not return status for precertificate
AI Summary CA Owner
#1886998 RESOLVED Problem Reporting Failure Opened 2024-03-22 · Closed 2024-08-28 · 59% similar
Microsec: Late response to a CPR
AI Summary CA Owner
#2048626 ASSIGNED Repository Issue Revocation Issue Externally Reported Incident Opened 2026-06-18 Still Open · 58% similar
Kamu SM: Incorrect CRL Served at SSL CRL Distribution Point
AI Summary CA Owner
#1970259 RESOLVED Certificate Misissuance Externally Reported Incident Opened 2025-06-03 · Closed 2025-08-26 · 58% similar
GoDaddy: Precertificates incorrectly logged to DigiCert SCT Logs
AI Summary CA Owner
#543881 VERIFIED Externally Reported Incident Security Incident Audit Finding Opened 2010-02-03 · Closed 2022-11-14 · 57% similar
please remove Wells Fargo from your listing of root CA's
AI Summary CA Owner
#1970727 RESOLVED Problem Reporting Failure Opened 2025-06-05 · Closed 2025-07-16 · 57% similar
eMudhra: Failure to respond to a Problem Report within 24 hours
AI Summary CA Owner
#1710206 RESOLVED Externally Reported Incident Certificate Misissuance Opened 2021-05-08 · Closed 2022-11-14 · 57% similar
Asseco DS / Certum: Incorrect localityName
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action