Firmaprofesional: Chrome Root Program Policy - Incorrect CCADB hierarchy associations
The bug reports an incident involving Firmaprofesional’s CCADB hierarchy associations for subordinate CA certificates. On 2026-07-10, the Chrome Root Program notified Firmaprofesional that four unexpired and unrevoked subordinate CA certificates were improperly disclosed in CCADB because their records were associated only with the 2009 self-signed root record and not with the Chrome-included 2014 root record, despite the 2009 and 2014 roots sharing the same Subject and SPKI. During reconciliation, Firmaprofesional identified three additional unexpired and unrevoked subordinate CA certificates in the same situation, bringing the known affected CCADB subordinate CA records to seven. Firmaprofesional applied provisional remediation on 2026-07-10 by updating the `Parent CA Owner/Certificate` field of the seven existing unique records so they are associated with the 2014 root record. The broader CCADB corpus review remains in progress, and Firmaprofesional requested confirmation from the Chrome Root Program that the re-association matches the expected CCADB representation. The incident remains under investigation pending completion of the corpus review and confirmation.
- Chrome Root Program notified Firmaprofesional that seven subordinate CA certificates were improperly associated in CCADB hierarchy records (initially four, expanded to seven during reconciliation).
- Firmaprofesional applied provisional remediation by updating the `Parent CA Owner/Certificate` field for the seven affected CCADB records to associate them with the 2014 root record.
- Community commenter — Chema (c**********z@firmaprofesional.com) posted a preliminary incident report describing the incorrect CCADB hierarchy associations, the seven affected subordinate CA records, and the provisional remediation plus ongoing corpus review and requested confirmation.