← Netlock cases
Bugzilla #2052541 Problem Reporting Failure Incident Self Reported Incident

NETLOCK: Failure to Respond to a Certificate Problem Report Within 24 Hours

UNCONFIRMED Netlock
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

This case reports that Netlock failed to begin investigating and provide a preliminary report for a Certificate Problem Report (CPR) within 24 hours of receipt, as required by CA/Browser Forum TLS Baseline Requirements Section 4.9.5. The CPR was received at Netlock’s CCADB-disclosed problem-reporting address (compliance.info@netlock.hu) on 2026-06-10 at 23:48 UTC and referenced an OCSP error and an affected certificate issuance. The thread states that two mail-handling failures prevented the CPR from reaching Netlock’s dedicated compliance team: messages to compliance.info@netlock.hu were classified as spam and never surfaced to an internal warning list, and messages reaching secondary channels were not recognized as CPRs and were not escalated. As a result, Netlock did not provide an acknowledgment or preliminary report within the required 24 hours, and the first substantive reply reached the reporter 16 days later. The reporter states that the incident’s impact is limited to responsiveness to the CPR and does not involve any misissued or otherwise non-compliant certificate; the referenced certificate is addressed in a separate OCSP Full Incident Report. The report indicates Netlock’s dedicated compliance team became aware of the failure on 2026-06-28 and began reviewing mail-system logs, with systemic remediation scheduled to complete by 2026-08-03.

Model: gpt-5.4-nano Generated: 2026-07-04 18:22 UTC Confidence: 0.90 1 comment
Chronology
  1. Netlock received a CPR at its CCADB-disclosed problem-reporting address.
  2. Netlock’s dedicated compliance team became aware of the CPR-response failure via the public filing of Bug 2051459 and began reviewing mail-system logs.
Thread Activity
  1. kaluha.roland@netlock.hu — Filed a full incident report stating Netlock failed to respond to the CPR within 24 hours due to mail-handling failures and provided a timeline and remediation schedule.
Participants
kaluha.roland@netlock.hu
Related Bugzilla IDs Mentioned
Similar Local Cases
#2051459 UNCONFIRMED Problem Reporting Failure Incident Self Reported Incident Opened 2026-06-30 Still Open · 94% similar
NETLOCK: OCSP Service Returning Error for Issued Certificate; Failure to Respond to Certificate Problem Report Within 24 Hours
#2050274 ASSIGNED Incident Self Reported Incident Remediation Tracking Opened 2026-06-24 Still Open · 70% similar
FNMT: Delay in incident disclosure reporting for Bug 2049012
#2048995 ASSIGNED Incident Self Reported Incident Problem Reporting Failure Opened 2026-06-19 Still Open · 70% similar
eMudhra emSign PKI Services: OCSP Responder Returned "Unauthorized" for Some Pecertificates
#2041774 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Repository Issue Opened 2026-05-22 Still Open · 69% similar
OATI: AIA CA Issuer field pointing to PEM encoded cert
#2047952 ASSIGNED Problem Reporting Failure Incident Opened 2026-06-16 Still Open · 68% similar
KIR: OCSP responder does not return status for precertificate
#2032482 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Certificate Misissuance Opened 2026-04-16 Still Open · 68% similar
OATI: Misissuance detected by PKIMetal
#2007948 RESOLVED Self Reported Incident Incident Opened 2025-12-29 · Closed 2026-04-20 · 68% similar
NETLOCK: Full Incident Report was not published within 14 days of notification
#2013400 RESOLVED Self Reported Incident Incident Opened 2026-01-29 · Closed 2026-04-17 · 68% similar
NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action