← Autoridad de Certificacion Firmaprofesional cases
Bugzilla #2054448 Self Reported Incident Certificate Misissuance

Firmaprofesional: Chrome Root Program Policy non-compliance for dedicated TLS hierarchy / EKU requirements (preliminary incident report)

UNCONFIRMED Autoridad de Certificacion Firmaprofesional
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

Firmaprofesional reported a Chrome Root Program incident regarding its Chrome-included root, `Autoridad de Certificacion Firmaprofesional CIF A62634068`. Chrome notified Firmaprofesional that unexpired and unrevoked subordinate CA certificates capable of validating to that root do not meet the dedicated TLS server authentication hierarchy requirements in the Chrome Root Program Policy. Firmaprofesional’s initial review confirmed seven affected subordinate CA certificates, including cases with missing `extendedKeyUsage` and cases with specific EKUs that do not satisfy the dedicated TLS hierarchy requirements. Firmaprofesional stated that it does not intend to seek continued inclusion of this hierarchy in the Chrome Root Store and plans to proceed with Chrome’s announced phase-out rather than seek an exemption or submit a replacement root. The report notes that the policy non-compliance is not considered contained at the preliminary stage because the affected CA certificates remain unexpired and unrevoked. Firmaprofesional also identified one additional affected certificate (`SIGNE Autoridad de Certificacion - 2020`) during its internal scope review.

Model: gpt-5.4-nano Generated: 2026-07-16 19:55 UTC Confidence: 0.55 1 comment
Chronology
  1. Chrome Root Program notified Firmaprofesional that unexpired, unrevoked subordinate CA certificates validating to its Chrome-included root do not meet dedicated TLS hierarchy/EKU requirements.
  2. Firmaprofesional submitted a preliminary incident report listing seven affected subordinate CA certificates and stating it will proceed with Chrome’s phase-out.
Thread Activity
  1. Autoridad de Certificacion Firmaprofesional — Filed a preliminary incident report describing Chrome’s notification, listing seven affected subordinate CA certificates (and one additional found internally), and stating Firmaprofesional will not seek continued inclusion or an exemption.
Participants
Autoridad de Certificacion Firmaprofesional Mozilla representative
External References
Similar Local Cases
#2009941 RESOLVED Certificate Misissuance Self Reported Incident Opened 2026-01-13 · Closed 2026-04-06 · 81% similar
Firmaprofesional: Misissuance of TLS Subordinate CA "AC Firmaprofesional - Secure Web 2024"
#1649726 RESOLVED Self Reported Incident Certificate Misissuance Opened 2020-07-01 · Closed 2023-02-22 · 79% similar
Firmaprofesional: 2020 Audit Report Finding 4 out of 4
#1889420 RESOLVED Self Reported Incident Opened 2024-04-03 · Closed 2024-09-04 · 71% similar
Firmaprofesional: Policy Qualifiers other than id-qt-cps present for certificate
#2026351 RESOLVED Self Reported Incident Certificate Misissuance Opened 2026-03-25 · Closed 2026-05-18 · 70% similar
Identrust: Root CrossSign, of dedicated Roots, missing EKU
#1506607 RESOLVED Self Reported Incident Certificate Misissuance Opened 2018-11-12 · Closed 2026-06-10 · 70% similar
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier
#1731586 RESOLVED Ca Certificate Compliance Self Reported Incident Certificate Misissuance Opened 2021-09-20 · Closed 2023-02-22 · 70% similar
SwissSign: Certificate with key length 16258
#1766255 RESOLVED Certificate Misissuance Self Reported Incident Opened 2022-04-25 · Closed 2023-02-22 · 70% similar
SwissSign: Mis-Issuance of S/MIME certificates
#1908130 RESOLVED Self Reported Incident Certificate Misissuance Opened 2024-07-16 · Closed 2024-08-28 · 70% similar
NAVER Cloud Trust Services: Incorrect keyUsage for ECC certificate

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action