Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of March 2021 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Mar 2021 15:00:24 + (GMT) CA Owner: SECOM Trust Systems CO., LTD. - Certificate Name: JPRS Organization Validation Authority - G3 SHA-256 Fingerprint: 21C066332D6B92DD9A253E2637684A5BC3E31357F863BED7A2F98C8459A33B62 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Domain Validation Authority - G3 SHA-256 Fingerprint: 659B7A518C6C9EB18AA1EB35AEBA7A0247817B898C1FA1840F97D2877D9A20E4 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 Comments: https://bugzilla.mozilla.org/show_bug.cgi?id=1695993 CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint: 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 Standard Audit Period End Date (mm/dd/): 11/27/2019 BR Audit Period End Date (mm/dd/): 11/27/2019 - Certificate Name: Intesa Sanpaolo Organization Validation CA SHA-256 Fingerprint: 27CDD699DE15EE88A05BB10ED9DF2FC5E4CA25B5FDD42988963A38EC8940D55A Standard Audit Period End Date (mm/dd/): 11/28/2019 BR Audit Period End Date (mm/dd/): 11/28/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of February 2021 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Feb 2021 15:00:16 + (GMT) CA Owner: SECOM Trust Systems CO., LTD. - Certificate Name: JPRS Organization Validation Authority - G3 SHA-256 Fingerprint: 90EE548EBACACAB40207A61A378CE186B94D24AE7C55BFC83065EA96072E2B38 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Domain Validation Authority - G3 SHA-256 Fingerprint: 11A27671872265445CB7258EB2844EE614D14777B9F6F73BE9532122F21FAD0D Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Organization Validation Authority - G3 SHA-256 Fingerprint: 04C1871C68607515389FA3B0CFB83DBE6A4AF05E8C80E745702969F240606E36 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Domain Validation Authority - G3 SHA-256 Fingerprint: 927E9BFC0D75C3146070C3F3AFDD4A2C10F765289124997CC52CFD1209E763CB Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Organization Validation Authority - G3 SHA-256 Fingerprint: 21C066332D6B92DD9A253E2637684A5BC3E31357F863BED7A2F98C8459A33B62 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 - Certificate Name: JPRS Domain Validation Authority - G3 SHA-256 Fingerprint: 659B7A518C6C9EB18AA1EB35AEBA7A0247817B898C1FA1840F97D2877D9A20E4 Standard Audit Period End Date (mm/dd/): 10/29/2019 BR Audit Period End Date (mm/dd/): 10/29/2019 CA Owner: Amazon Trust Services - Certificate Name: Amazon SHA-256 Fingerprint: F55F9FFCB83C73453261601C7E044DB15A0F034B93C05830F28635EF889CF670 Standard Audit Period End Date (mm/dd/): 10/31/2019 BR Audit Period End Date (mm/dd/): 10/31/2019 - Certificate Name: Amazon SHA-256 Fingerprint: 4A1FF6BBF481170D3B773CEC1F3A84DE3B5096575CDBF8B08432209318CA0FBD Standard Audit Period End Date (mm/dd/): 10/31/2019 BR Audit Period End Date (mm/dd/): 10/31/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of December 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 1 Dec 2020 15:00:43 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: UZI-register Medewerker niet op naam CA G3 SHA-256 Fingerprint: 972957304031234ED17679FDCB97556D6173D5F2BF0E6E66D612680CA6E77685 Standard Audit Period End Date (mm/dd/): 08/31/2019 - Certificate Name: UZI-register Medewerker op naam CA G3 SHA-256 Fingerprint: D28DB435E31212A3BDCCF87620F6544B99A9C02328BF983E882FD0627A1D130F Standard Audit Period End Date (mm/dd/): 08/31/2019 - Certificate Name: UZI-register Zorgverlener CA G3 SHA-256 Fingerprint: 507DB60D263D3D09D283DE2E3AA435DFD8775E52BC335702E3832BBB57EC1CBD Standard Audit Period End Date (mm/dd/): 08/31/2019 - Certificate Name: UZI-register Medewerker op naam CA G3 SHA-256 Fingerprint: D8553A2880E96B7AA4C7413DD903AFD3D580504695DD26A168FD48CCE7B1474A Standard Audit Period End Date (mm/dd/): 08/31/2019 - Certificate Name: UZI-register Zorgverlener CA G3 SHA-256 Fingerprint: 3EAD4F72F06F1054881D2728DE033A8E13FADE6BD165084018EB943C17378DAA Standard Audit Period End Date (mm/dd/): 08/31/2019 - Certificate Name: UZI-register Medewerker niet op naam CA G3 SHA-256 Fingerprint: 38DED3FF6827579008AF4887EB9698A3CFA927FA8ED59F06BA090FB9A63E2D77 Standard Audit Period End Date (mm/dd/): 08/31/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of November 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Nov 2020 15:00:07 + (GMT) CA Owner: AC Camerfirma, S.A. - Certificate Name: MULTICERT SSL Certification Authority 001 SHA-256 Fingerprint: 06A57D1CD5879FBA2135610DD8D725CC268D2A6DE8A463D424C4B9DA89848696 Standard Audit Period End Date (mm/dd/): 07/18/2019 BR Audit Period End Date (mm/dd/): 07/18/2019 - Certificate Name: DigitalSign Primary CA SHA-256 Fingerprint: 8101C3BAF9D0EDD71180D1F37D6D75B77B0E8CFB593D342C3A31E467985D4A74 Standard Audit Period End Date (mm/dd/): 07/22/2019 BR Audit Period End Date (mm/dd/): 07/22/2019 CA Owner: QuoVadis - Certificate Name: DigitalSign Qualified CA - G4 SHA-256 Fingerprint: 41678B8897E635DEA03B6E48565E267BA5AAC3B8F4DC4B74B7A0A9748CFDD35E Standard Audit Period End Date (mm/dd/): 07/22/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of October 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 6 Oct 2020 14:00:25 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: CE2332390208742A1ACA6513974C4C9DB2691EAF4568B533E4A17ED5DDA973E6 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Server CA 2020 SHA-256 Fingerprint: EB2C2A806C69FC963C4E24A5BBEA20ED4E3B86AE798730BB4EEA51BF9DE33325 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: 15073C6BBDC74699A88518C27A57C956E5E23D6CA9619E521A468C7873DE4F8A Standard Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Services CA - G3 SHA-256 Fingerprint: BECFDE124CEDD344D925CB55EDDA662D9A9C0688FA9A0870CE3DBB6DA4313E4E Standard Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: 85363A24CB1B66E6CF6244E87D243DBB8306F607357C614CB9C4C224A0E04358 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 Bug Filed: https://bugzilla.mozilla.org/show_bug.cgi?id=1669518 CA Owner: DigiCert - Certificate Name: thawte Primary Transition Root SHA-256 Fingerprint: DBA1097710F3C629943C23DC7503AC82B9142825EF049F1C26538DB36B480549 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: TrustWise G3 SHA-256 Fingerprint: DD563A271590588CC055685E368CB02F6DED343186358B3A3814B2AA97005525 Standard Audit Period End Date (mm/dd/): 06/21/2019 - Certificate Name: Government of Malta e-Mail Certificate Service CA G3 SHA-256 Fingerprint: 0054DD53C74523CD542979850828F0F3CD18228687D4ED4AE345B5FEADE1FC9C Standard Audit Period End Date (mm/dd/): 06/21/2019 CA Owner: Asseco Data Systems S.A. (previously Unizeto Certum) - Certificate Name: SSL.com Root Certification Authority RSA SHA-256 Fingerprint: ACF718DF838E640051777D1947F51620E8D804BA186553AE52FC9811B5D34B8B Standard Audit Period End Date (mm/dd/): 06/30/2019 Code Signing Audit Period End Date (mm/dd/): 06/30/2019 BR Audit Period End Date (mm/dd/): 06/30/2019 EV SSL Audit Period End Date (mm/dd/): 06/30/2019 - Certificate Name: SSL.com EV Root Certification Authority RSA R2 SHA-256 Fingerprint: B97176F21B6ED64609267B2D1A2A9FAF0C4DEBD44644DC85EB6AE986FC867D56 Standard Audit Period End Date (mm/dd/): 06/30/2019 Code Signing Audit Period End Date (mm/dd/): 06/30/2019 BR Audit Period End Date (mm/dd/): 06/30/2019 EV SSL Audit Period End Date (mm/dd/): 06/30/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of September 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 1 Sep 2020 14:00:20 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: CE2332390208742A1ACA6513974C4C9DB2691EAF4568B533E4A17ED5DDA973E6 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Server CA 2020 SHA-256 Fingerprint: 5E99DD4A92307B92C495C56E24241DD79B4579D3CD0AD1ECC6D9D24A7981CA98 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Server CA 2020 SHA-256 Fingerprint: EB2C2A806C69FC963C4E24A5BBEA20ED4E3B86AE798730BB4EEA51BF9DE33325 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid EV CA SHA-256 Fingerprint: ED3DB748D6D78EEFF0B9452BC6A02E039039C55075A439323B8BA85FB21B9DDA Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 EV SSL Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: 15073C6BBDC74699A88518C27A57C956E5E23D6CA9619E521A468C7873DE4F8A Standard Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Services CA - G3 SHA-256 Fingerprint: BECFDE124CEDD344D925CB55EDDA662D9A9C0688FA9A0870CE3DBB6DA4313E4E Standard Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: 85363A24CB1B66E6CF6244E87D243DBB8306F607357C614CB9C4C224A0E04358 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 CA Owner: DigiCert - Certificate Name: DigiCert TLS ICA VRSN Universal SHA-256 Fingerprint: BA5B6E5DFEBDAE1C80BD72790BC85BCC6538AB4613023DA706CE826415F5E5B3 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert TLS ICA GeoTrust PCA-G3 SHA-256 Fingerprint: 95D9A8D30F6B1C069C296B3E106BC3CE01EB84AD57860D0F46BF7F15D053B1C0 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert TLS ICA Thawte PCA-G3 SHA-256 Fingerprint: 56E4F454D982DCDCE611B7B707DB12C533EAC29A25F4A5307E1C065713B0DC8E Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert TLS ICA GeoTrust Global SHA-256 Fingerprint: 516D856D0353BA69FFEB9C1EBA035D780844857006ECE99C051EC19C10C36CD5 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert Transition RSA Root SHA-256 Fingerprint: 0D88900DBB68C6CA5471F653FCACD407EBD7B1519046F9E0B8CED3C274FD11A1 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert Transition ECC Root SHA-256 Fingerprint: DB98194E55B936D26E6CB3F460A262EB6CA66337E7BFF17A0BFC083251F63626 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: thawte Primary G3 Transition Root SHA-256 Fingerprint: 85743AEA6A97C13445E0824C2E1FE502B97ADD124A97EF5120FE07F55812FC33 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: GeoTrust Primary Transition Root SHA-256 Fingerprint: F54F6CED56CF682B570A6CAEC313E9482760DE12E8F928AE30452C4C66AC761A Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 - Certificate Name: DigiCert Universal Transition Root SHA-256 Fingerprint: 88A07073D4527069DC9E978053F35729705C058302648ED02E5FCE6561459E61 Standard Audit Period End Date (mm/dd/): 05/31/2019 BR Audit Period End Date (mm/dd/): 05/31/2019 CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 90FFC5150CE0535069E7E5EF961E4047FB0861A140732C8CEDC7E8D58EB59BD1 Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院內政部憑證管理中心 (MOICA) SHA-256 Fingerprint: 45111450FB31EF5137E4B7CFF9EE2BEF23E8BBFD165086DFBD93DF2F329B785E Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256 Fingerprint: A05EE43E556C8C2A38766D0377FB486806D169EA195E69CD873381D8EAB7DFCD Standard Audit Period
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of August 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 4 Aug 2020 14:00:25 + (GMT) CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 90FFC5150CE0535069E7E5EF961E4047FB0861A140732C8CEDC7E8D58EB59BD1 Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院內政部憑證管理中心 (MOICA) SHA-256 Fingerprint: 45111450FB31EF5137E4B7CFF9EE2BEF23E8BBFD165086DFBD93DF2F329B785E Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256 Fingerprint: A05EE43E556C8C2A38766D0377FB486806D169EA195E69CD873381D8EAB7DFCD Standard Audit Period End Date (mm/dd/): 03/31/2019 Comments on Government Root Certification Authority - Taiwan: CKA_NSS_SERVER_DISTRUST_AFTER set to 9/19/2019 in NSS 3.53, Firefox 78. https://bugzilla.mozilla.org/show_bug.cgi?id=1621159 CA Owner: Asseco Data Systems S.A. (previously Unizeto Certum) - Certificate Name: UCA Global G2 Root SHA-256 Fingerprint: C1AFC65B1E813B0E6146E6AA5341681272ABE9A38D59F7BD1B27B729834A0D9C Standard Audit Period End Date (mm/dd/): 04/30/2019 BR Audit Period End Date (mm/dd/): 04/30/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of July 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 7 Jul 2020 14:00:11 + (GMT) CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 90FFC5150CE0535069E7E5EF961E4047FB0861A140732C8CEDC7E8D58EB59BD1 Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院內政部憑證管理中心 (MOICA) SHA-256 Fingerprint: 45111450FB31EF5137E4B7CFF9EE2BEF23E8BBFD165086DFBD93DF2F329B785E Standard Audit Period End Date (mm/dd/): 03/31/2019 BR Audit Period End Date (mm/dd/): 03/31/2019 - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256 Fingerprint: A05EE43E556C8C2A38766D0377FB486806D169EA195E69CD873381D8EAB7DFCD Standard Audit Period End Date (mm/dd/): 03/31/2019 Comments on Government Root Certification Authority - Taiwan: CKA_NSS_SERVER_DISTRUST_AFTER set to 9/19/2019 in NSS 3.53, Firefox 78. https://bugzilla.mozilla.org/show_bug.cgi?id=1621159 Email trust bit disabled in NSS 3.54, Firefox 79. https://bugzilla.mozilla.org/show_bug.cgi?id=1621151 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of June 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Jun 2020 14:00:11 + (GMT) intermediate certs chaining up to root certs in Mozilla's program.> ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
On 5/6/20 5:19 AM, Ryan Sleevi wrote: Should we be creating CA incidents for repeats? I wasn’t sure if this was just an administrative hiccup on the Mozilla side in processing the case, or if this is a matter where the CA is not disclosing in a timely fashion. CAs directly add audit information to intermediate certificate records in the CCADB, so there is no dependency on the Mozilla side for this. https://wiki.mozilla.org/CA/Email_templates#Outdated_Audit_Statements_for_Intermediate_Certificates "This email is automatically sent by the CCADB on the first Tuesday of each month to CAs who have outdated audit statements in their intermediate cert records. An audit statement is determined to be outdated when its Audit Period End Date is older than 1 year + 3 months." Last year I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1549861 regarding Camerfirma not providing updated audit statements for their subCAs. This year Camerfirma received one notice for the outdated audit statement for an intermediate cert, before they fixed it. I didn't post the "Summary of April 2020 Outdated Audit Statements for Intermediate Certs" here in m.d.s.p, because it was empty. But perhaps I should post those empty summaries as well. Anyways, my preference is to file a CA incident bug whenever a CA receives more than one of these "Outdated Audit Statements for Intermediate Certs" reminders for consecutive months. Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Sorry for the delayed reply here, but in the process of being surprised that there are still CAs with delays > 90 days, I was looking through historic patterns, and noticed this CA is a repeat from the year prior. That is, this CA, https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg13051.html , had the same issue last year as well, https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg12100.html Should we be creating CA incidents for repeats? I wasn’t sure if this was just an administrative hiccup on the Mozilla side in processing the case, or if this is a matter where the CA is not disclosing in a timely fashion. On Tue, Mar 3, 2020 at 12:30 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Forwarded Message > Subject: Summary of March 2020 Outdated Audit Statements for > Intermediate Certs > Date: Tue, 3 Mar 2020 15:00:16 + (GMT) > > CA Owner: AC Camerfirma, S.A. > - Certificate Name: InfoCert Organization Validation CA 3 > SHA-256 Fingerprint: > 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 > Standard Audit Period End Date (mm/dd/): 12/02/2018 > BR Audit Period End Date (mm/dd/): 12/02/2018 > > > > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of May 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 5 May 2020 14:00:08 + (GMT) CA Owner: SECOM Trust Systems CO., LTD. - Certificate Name: SECOM Passport for Web MH CA SHA-256 Fingerprint: 4E62A252592F9D71FFE2037757F855D4A0235D6638BD105E9EF17086CE2BBC25 Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 - Certificate Name: FujiSSL Public Validation Authority - G3 SHA-256 Fingerprint: 56DA6EFEF1D504134C72EEDC3AE44AA7FA11B848820DBFAA86CA8E35D60EDB04 Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 - Certificate Name: CrossTrust DV CA5 SHA-256 Fingerprint: 18F4368FE93B3CAE025230BCE7EAD340FD90FB27F9A10E36FEE89FC454F22788 Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 - Certificate Name: CrossTrust OV CA5 SHA-256 Fingerprint: 79C4091B05B15C1683128B7A355E0AAD62E1BBBC3E5F3735370C06CC4D1AFB44 Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 - Certificate Name: EINS/PKI Public Certification Authority V4 SHA-256 Fingerprint: 38B26CF45C932EA28019D93E440AC72BAE83F9CBF52D6AD913698B18FCC8717D Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 - Certificate Name: KDDI Web Communications Certification Authority 3 SHA-256 Fingerprint: 2B30D5E912906358C9AD6FB57FD7B368A01A78E395B4EC11645C5B98A0967DE8 Standard Audit Period End Date (mm/dd/): 01/29/2019 BR Audit Period End Date (mm/dd/): 01/29/2019 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of March 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Mar 2020 15:00:16 + (GMT) CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint: 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 Standard Audit Period End Date (mm/dd/): 12/02/2018 BR Audit Period End Date (mm/dd/): 12/02/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of February 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 4 Feb 2020 15:00:09 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: Digidentity BV PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: 705610723C9613F6413181CADF73D51071BD761FDA491423E1ABD001501B64F3 Standard Audit Period End Date (mm/dd/): 10/31/2018 BR Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Digidentity BV PKIoverheid Burger CA - G3 SHA-256 Fingerprint: 21CADB7CD822EA13B496E25ABB8151C7FB00EFBB1EE458A3B4A4F3C16BC3C16F Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Digidentity BV PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: 533FE97EB45FCED24049E41EFE9DB254A5DD9D90DFD53C9512C6207EDB21D82C Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Digidentity BV PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: C7422DE21CEBC92ECAE6BE9DCD7E711EE650D30AED711FBB0DF6B2C784B6C4FB Standard Audit Period End Date (mm/dd/): 10/31/2018 BR Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Digidentity Burger CA - G2 SHA-256 Fingerprint: FCCC115022CE66FD106511E376F439C865E54A485040E633C2996945CEABEA01 Standard Audit Period End Date (mm/dd/): 10/31/2018 BR Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Digidentity Organisatie CA - G2 SHA-256 Fingerprint: 5294C86E349E6A3390EA5BD2D814907D831666EE61C57D9170D609A16FD356F3 Standard Audit Period End Date (mm/dd/): 10/31/2018 BR Audit Period End Date (mm/dd/): 10/31/2018 CA Owner: DigiCert - Certificate Name: Gaitame CA - G3 SHA-256 Fingerprint: D20118563ACC4AB2D1DF217E3974D00877F71D2B74959F43FED33C45EBF5FB31 Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: DATACENTER CA - G2 SHA-256 Fingerprint: EA70CA9465E25593BAB909A9DBF8F095C0B20BFBB54F1D185D464CCC8A431F4B Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Corporate CA - G3 SHA-256 Fingerprint: 75DF381EC1FDBD3F5F662A3CFCF2F7A35C5F58CFB26AF977D9B8ABB82DCEE208 Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: DAIICHI SANKYO COMPANY Public CA - G2 SHA-256 Fingerprint: 68361FD0131D79AC91C9939F3E5479CA32E2BE419A7CF519E026F992234509EE Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: FFAJ Public CA - G2 SHA-256 Fingerprint: FE27C2688969B46B83A585AAF53E009AD0D75B4DF64EAB9C085B8F3EBC8EF252 Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: NTT DOCOMO Group CA - G2 SHA-256 Fingerprint: A75939F270BA6F23ECEE83C70A3755EB46449FE2707FF01D626FB745158F9413 Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Gaitame CA - G3 SHA-256 Fingerprint: 58F0778CB9969B09B24BDC96A03091B0AA98BAFF9C23F82B78B061035D85A65F Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Astellas Global SMIME CA - G2 SHA-256 Fingerprint: B2ED9A6D9B6C48DD1494EE0CD4802179F6208C7F75894DE2607E16573BE464AE Standard Audit Period End Date (mm/dd/): 10/31/2018 - Certificate Name: Application Service CA SHA-256 Fingerprint: 2B3188332031E548FE424A7A3ABB47701FA089D9D0EEAE35585CA72974BDA69C Standard Audit Period End Date (mm/dd/): 10/31/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of December 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Dec 2019 15:00:22 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: UZI-register Medewerker niet op naam CA G3 SHA-256 Fingerprint: 972957304031234ED17679FDCB97556D6173D5F2BF0E6E66D612680CA6E77685 Standard Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: UZI-register Medewerker op naam CA G3 SHA-256 Fingerprint: D28DB435E31212A3BDCCF87620F6544B99A9C02328BF983E882FD0627A1D130F Standard Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: UZI-register Zorgverlener CA G3 SHA-256 Fingerprint: 507DB60D263D3D09D283DE2E3AA435DFD8775E52BC335702E3832BBB57EC1CBD Standard Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: Zorg CSP CA G21 SHA-256 Fingerprint: 7AA7163D2D77A62284F3066C8DAF6E1E745C5F7EAE1585BE13F8748856E72809 Standard Audit Period End Date (mm/dd/): 08/31/2018 BR Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: UZI-register Medewerker op naam CA G3 SHA-256 Fingerprint: D8553A2880E96B7AA4C7413DD903AFD3D580504695DD26A168FD48CCE7B1474A Standard Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: UZI-register Zorgverlener CA G3 SHA-256 Fingerprint: 3EAD4F72F06F1054881D2728DE033A8E13FADE6BD165084018EB943C17378DAA Standard Audit Period End Date (mm/dd/): 08/31/2018 - Certificate Name: UZI-register Medewerker niet op naam CA G3 SHA-256 Fingerprint: 38DED3FF6827579008AF4887EB9698A3CFA927FA8ED59F06BA090FB9A63E2D77 Standard Audit Period End Date (mm/dd/): 08/31/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
On 4/2/19 1:10 PM, Kathleen Wilson wrote: All, CCADB sends email on the first Tuesday of each month to CAs with outdated audit statements in their intermediate cert records. An audit statement is determined to be outdated when its Audit Period End Date is older than 1 year + 3 months. https://wiki.mozilla.org/CA/Email_templates#Outdated_Audit_Statements_for_Intermediate_Certificates Below is the summary of the email that was sent today. Kathleen Forwarded Message Subject: Summary of November 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 5 Nov 2019 15:00:05 + (GMT) At this time, there appears to be no outdated audit statements for intermediate certs chaining up to root certs in Mozilla's program. Thanks, Kathleen PS: This only applies to audit statements that have been provided in the CCADB for intermediate cert records. According to Audit Letter Validation (ALV), there are still many intermediate certs for which their SHA-256 Fingerprints are not being found in the required audit statements. This could either be due to ALV not finding the data that is actually there or due to the intermediate cert not having the required audits provided in the CCADB. The discussion about ALV on intermediate certs may be found here: https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/M7NGwCh14DI The discussion about adding SHA-256 formatting requirements to the CCADB Policy may be found here: https://groups.google.com/d/msg/mozilla.dev.security.policy/kiSKeeBMVWQ/fvmfsU2XDgAJ ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of October 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 1 Oct 2019 14:00:16 + (GMT) CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256 Fingerprint: A05EE43E556C8C2A38766D0377FB486806D169EA195E69CD873381D8EAB7DFCD Standard Audit Period End Date (mm/dd/): 06/30/2018 BR Audit Period End Date (mm/dd/): 06/30/2018 - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256 Fingerprint: A8B4863230F40A263327965F43F5C00752B531ED7DF9B21DC7E74B6E911AE4A8 Standard Audit Period End Date (mm/dd/): 06/30/2018 BR Audit Period End Date (mm/dd/): 06/30/2018 CA Owner: Asseco Data Systems S.A. (previously Unizeto Certum) - Certificate Name: SSL.com Root Certification Authority RSA SHA-256 Fingerprint: ACF718DF838E640051777D1947F51620E8D804BA186553AE52FC9811B5D34B8B Standard Audit Period End Date (mm/dd/): 06/30/2018 BR Audit Period End Date (mm/dd/): 06/30/2018 EV SSL Audit Period End Date (mm/dd/): 06/30/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of September 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Sep 2019 14:00:41 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: KPN BV PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: 5679A431E79D4EB9EE967C60D8703C7C78F443F71DB97157E43059DE42D850DF Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN CM PKIoverheid EV CA SHA-256 Fingerprint: 4B24C521C47600E83800A3FF0C2D58DC02C8177EF7DA697C5A80C1D4867A66DD Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 EV SSL Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN PKIoverheid EV CA SHA-256 Fingerprint: 5DB1D22D706684F0719E8902FB86B346B3FC9E4D1A1F92283A488BC3D1A0484B Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 EV SSL Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN PKIoverheid Organisatie CA - G2 SHA-256 Fingerprint: 8F2566A8FCCF6AE8C358B0B8A6D8C7FF0AB16341636478C8BB544E9DD6AA6011 Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN Corporate Market CSP Organisatie CA - G2 SHA-256 Fingerprint: CB37E05DBC455A09481F3EF56AAC7E887676A4B61346394E6EE6A9447EA8D6BD Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: 3F785025BCCFACA4701A1734CE0F7B30CE4106942C8D92F41B70B067ED65D354 Standard Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN BV PKIoverheid Organisatie Server CA - G3 SHA-256 Fingerprint: 7E082BBC56976B159D4696540A96B60148614BA9B5E29B2035F789BECFBF0657 Standard Audit Period End Date (mm/dd/): 05/31/2018 BR Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN BV PKIoverheid Organisatie Services CA - G3 SHA-256 Fingerprint: F22DB657A1A929841ABCAC52671A5CEE8A7D069586AF85CE16DE2B05DDA22252 Standard Audit Period End Date (mm/dd/): 05/31/2018 - Certificate Name: KPN BV PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: A9B5698C5263BEFF3D60720DC1844CB95D16F06E04268BCE3BE4D60282B01EF9 Standard Audit Period End Date (mm/dd/): 05/31/2018 CA Owner: LuxTrust - Certificate Name: LuxTrust Corporate CA SHA-256 Fingerprint: AE373E488DD13DEF71611D52F0B5179DD648241A381F67A80734F6615FF6E6CA Standard Audit Period End Date (mm/dd/): 03/30/2018 Bug Filed: https://bugzilla.mozilla.org/show_bug.cgi?id=1578505 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of August 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 6 Aug 2019 14:01:29 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: Cleverbase ID PKIoverheid Burger CA - G3 SHA-256 Fingerprint: 5C80E569FCEE93F15A2BC0435102B26A04F5AA1EC9912C13A05881C1AAD502D2 Standard Audit Period End Date (mm/dd/): 04/15/2018 - Certificate Name: Cleverbase ID PKIoverheid Burger CA - G3 SHA-256 Fingerprint: DE0A92E5435B613208DC435ECC7158BF28F420A93E0A91D5965972053F523549 Standard Audit Period End Date (mm/dd/): 04/15/2018 CA Owner: LuxTrust - Certificate Name: LuxTrust Corporate CA SHA-256 Fingerprint: AE373E488DD13DEF71611D52F0B5179DD648241A381F67A80734F6615FF6E6CA Standard Audit Period End Date (mm/dd/): 03/30/2018 CA Owner: DigiCert - Certificate Name: Verizon Public SureCodeSign CA G14-SHA2 SHA-256 Fingerprint: FEB915628C979E06F171805D6D2702C0270420BD46BF6011D03623FC932454FC Standard Audit Period End Date (mm/dd/): 04/30/2018 - Certificate Name: Verizon Public SureServer CA G14-SHA2 SHA-256 Fingerprint: 675C1C5DBB08E9FA2C817B86D5FC896810349A2F47DD64938A2BACA64997C8BB Standard Audit Period End Date (mm/dd/): 04/30/2018 BR Audit Period End Date (mm/dd/): 04/30/2018 CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 90FFC5150CE0535069E7E5EF961E4047FB0861A140732C8CEDC7E8D58EB59BD1 Standard Audit Period End Date (mm/dd/): 03/31/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
I apologize for the delay in forwarding this to m.d.s.p -- I was on vacation when this audit reminder email was sent. Forwarded Message Subject: Summary of July 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Jul 2019 14:00:21 + (GMT) CA Owner: LuxTrust - Certificate Name: LuxTrust Corporate CA SHA-256 Fingerprint: AE373E488DD13DEF71611D52F0B5179DD648241A381F67A80734F6615FF6E6CA Standard Audit Period End Date (mm/dd/): 03/30/2018 CA Owner: Autoridad de Certificacion Firmaprofesional - Certificate Name: SIGNE Autoridad de Certificacion SHA-256 Fingerprint: 1CB470728CF56F302003BB0E4EB062414FA11D4F97E3F061170C96C88071D711 Standard Audit Period End Date (mm/dd/): 03/28/2018 - Certificate Name: SIGNE Autoridad de Certificacion SHA-256 Fingerprint: 0431D736C77697A0310103C6F890BC41C3A3BB81128ADE8D3C3461B4028D4413 Standard Audit Period End Date (mm/dd/): 03/28/2018 CA Owner: Entrust - Certificate Name: LAWtrust2048 CA2 SHA-256 Fingerprint: 4957DED341054641139CBAB3B96006545D094D449590FB08AE9A78D05A40BD83 Standard Audit Period End Date (mm/dd/): 12/31/2017 Comment: Audit statement was updated on July 9, 2019. CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 90FFC5150CE0535069E7E5EF961E4047FB0861A140732C8CEDC7E8D58EB59BD1 Standard Audit Period End Date (mm/dd/): 03/31/2018 - Certificate Name: 行政院內政部憑證管理中心 (MOICA) SHA-256 Fingerprint: 45111450FB31EF5137E4B7CFF9EE2BEF23E8BBFD165086DFBD93DF2F329B785E Standard Audit Period End Date (mm/dd/): 03/31/2018 - Certificate Name: 行政院工商憑證管理中心 (MOEACA) SHA-256 Fingerprint: 0CF08B01E554EB7631D4916E9E8C5398AF994242A26CA388638622A0E59FF379 Standard Audit Period End Date (mm/dd/): 03/31/2018 - Certificate Name: 行政院內政部憑證管理中心 (MOICA) SHA-256 Fingerprint: C4C462DE463F856804DC898338D2CECB55FBA74155851599D8FB7D70218FD1BE Standard Audit Period End Date (mm/dd/): 03/31/2018 CA Owner: Amazon Trust Services - Certificate Name: Amazon SHA-256 Fingerprint: F55F9FFCB83C73453261601C7E044DB15A0F034B93C05830F28635EF889CF670 Standard Audit Period End Date (mm/dd/): 03/31/2018 BR Audit Period End Date (mm/dd/): 03/31/2018 - Certificate Name: Amazon SHA-256 Fingerprint: 4A1FF6BBF481170D3B773CEC1F3A84DE3B5096575CDBF8B08432209318CA0FBD Standard Audit Period End Date (mm/dd/): 03/31/2018 BR Audit Period End Date (mm/dd/): 03/31/2018 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Forwarded Message Subject: Summary of June 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 4 Jun 2019 14:00:16 + (GMT) CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint: 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 Standard Audit Period End Date (mm/dd/): 12/06/2017 BR Audit Period End Date (mm/dd/): 12/06/2017 - Certificate Name: Intesa Sanpaolo Organization Validation CA SHA-256 Fingerprint: 27CDD699DE15EE88A05BB10ED9DF2FC5E4CA25B5FDD42988963A38EC8940D55A Standard Audit Period End Date (mm/dd/): 12/07/2017 BR Audit Period End Date (mm/dd/): 12/07/2017 Comment: Incident Report for these outdated audit statements https://bugzilla.mozilla.org/show_bug.cgi?id=1549861 CA Owner: Sectigo - Certificate Name: D-TRUST CA 2-1 2015 SHA-256 Fingerprint: 081998D3D9F7E4CD9DA6A429470BF5D44280325244FA0E01EE5F972CA19F4852 Standard Audit Period End Date (mm/dd/): 02/19/2018 CA Owner: DigiCert - Certificate Name: Siemens Internet CA V1.0 SHA-256 Fingerprint: 67E5B507C861CE7180BC3DB7D37D2F5CAE755831E212E32225F6294694B2EA49 Standard Audit Period End Date (mm/dd/): 02/25/2018 BR Audit Period End Date (mm/dd/): 02/25/2018 - Certificate Name: Siemens Internet CA V1.0 SHA-256 Fingerprint: 24E56F48604446D8A8373B43CA29D1A1C49772E5AABA8BA7C17662BD60DA8DF6 Standard Audit Period End Date (mm/dd/): 02/25/2018 BR Audit Period End Date (mm/dd/): 02/25/2018 - Certificate Name: Siemens Issuing CA Multipurpose 2013 SHA-256 Fingerprint: 89D2EBFBAFD59C6A1C83EC6C035316145704F895363370D015B8F62595A0497A Standard Audit Period End Date (mm/dd/): 02/25/2018 - Certificate Name: Siemens Internet CA V1.0 SHA-256 Fingerprint: 3EBF5FFEC582D27C693D1BC30104A63BBBFC3652C78A95027E91B7F88DAC6345 Standard Audit Period End Date (mm/dd/): 02/25/2018 BR Audit Period End Date (mm/dd/): 02/25/2018 - Certificate Name: Siemens Issuing CA EE Enc 2013 SHA-256 Fingerprint: F5629F8E16AA288B21CF253225FAB8A9CE15C468781C1E74284079728EFF2FDA Standard Audit Period End Date (mm/dd/): 02/25/2018 BR Audit Period End Date (mm/dd/): 02/25/2018 CA Owner: Entrust - Certificate Name: LAWtrust2048 CA2 SHA-256 Fingerprint: 4957DED341054641139CBAB3B96006545D094D449590FB08AE9A78D05A40BD83 Standard Audit Period End Date (mm/dd/): 12/31/2017 Comment: Incident Report for this outdated audit statement https://bugzilla.mozilla.org/show_bug.cgi?id=1549862 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminders for Intermediate Certs
Here's the summary of the email that was sent today to remind CAs about outdated audit statements for their intermediate certs. Forwarded Message Subject: Summary of May 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 7 May 2019 CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint: 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 Standard Audit Period End Date (mm/dd/): 12/06/2017 BR Audit Period End Date (mm/dd/): 12/06/2017 - Certificate Name: Intesa Sanpaolo Organization Validation CA SHA-256 Fingerprint: 27CDD699DE15EE88A05BB10ED9DF2FC5E4CA25B5FDD42988963A38EC8940D55A Standard Audit Period End Date (mm/dd/): 12/07/2017 BR Audit Period End Date (mm/dd/): 12/07/2017 - Certificate Name: MULTICERT SSL Certification Authority 001 SHA-256 Fingerprint: 06A57D1CD5879FBA2135610DD8D725CC268D2A6DE8A463D424C4B9DA89848696 Standard Audit Period End Date (mm/dd/): 12/19/2017 BR Audit Period End Date (mm/dd/): 12/19/2017 Comment: Incident Report for these outdated audit statements https://bugzilla.mozilla.org/show_bug.cgi?id=1549861 CA Owner: DigiCert - Certificate Name: ABN AMRO CA - G2 SHA-256 Fingerprint: AF6BFC9FF646FA900FEA0D79B89932304E27F84CC9E261BDE52B0EC04CF5AD85 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: ABN AMRO CA - G2 SHA-256 Fingerprint: B91AF4B7FFC8DB435304212030724BECB2F23686552149FD671339C9528A65F9 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: ABN AMRO Test CA - G2 SHA-256 Fingerprint: 52D90CEF761E2458A8B51638EF0A0513584EBA986E740C573AD2A73882818EE9 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: Philips Extranet CA - G4 SHA-256 Fingerprint: E20AFEA72530C529D4046852144A267337221C5BE303528C07EF640BCAD6F091 Standard Audit Period End Date (mm/dd/): 07/22/2017 - Certificate Name: Shell Information Technology International CA - G3 SHA-256 Fingerprint: 91603DADB54CBCDEDD43805EA7A272EB31DF8444775064A01821C2B650890DCE Standard Audit Period End Date (mm/dd/): 07/22/2017 Comment: Incident Report for these outdated audit statements https://bugzilla.mozilla.org/show_bug.cgi?id=1539296 CA Owner: Entrust - Certificate Name: LAWtrust2048 CA2 SHA-256 Fingerprint: 4957DED341054641139CBAB3B96006545D094D449590FB08AE9A78D05A40BD83 Standard Audit Period End Date (mm/dd/): 12/31/2017 Comment: Incident Report for this outdated audit statement https://bugzilla.mozilla.org/show_bug.cgi?id=1549862 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Audit Reminders for Intermediate Certs
All, CCADB sends email on the first Tuesday of each month to CAs with outdated audit statements in their intermediate cert records. An audit statement is determined to be outdated when its Audit Period End Date is older than 1 year + 3 months. https://wiki.mozilla.org/CA/Email_templates#Outdated_Audit_Statements_for_Intermediate_Certificates Below is the summary of the email that was sent today. Kathleen Forwarded Message Subject: Summary of April 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Apr 2019 14:00:24 + (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: MinIenW PKIoverheid Organisatie Services CA - G3 SHA-256 Fingerprint: 16C94A8CCC15C983825B5BD3F2DC68D694C8A320F2328ECD8C9CA57DE51DA0E5 Standard Audit Period End Date (mm/dd/): 11/15/2017 - Certificate Name: MinIenW PKIoverheid Organisatie Persoon CA - G3 SHA-256 Fingerprint: 0664F1D1A7355700201D2F4431DC43B0BCEAB129A8CABFD4ED87D04341EF Standard Audit Period End Date (mm/dd/): 11/15/2017 - Certificate Name: MinIenM Organisatie CA - G2 SHA-256 Fingerprint: BDD191FD3B4AC34B4D2F62EFAFBD07CEAB6581BCFE6C129F5916F1892FBD5394 Standard Audit Period End Date (mm/dd/): 11/15/2017 - Certificate Name: MinIenM Autonome Apparaten CA - G2 SHA-256 Fingerprint: 3B011284D8EBE902841CEC48F9D7F18BEF71BA404835717D5D2BEF5655710793 Standard Audit Period End Date (mm/dd/): 11/15/2017 CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint: 247A6D807FF164031E0EB22CA85DE329A3A4E6603DBC6203F0C6E282A9C9EA84 Standard Audit Period End Date (mm/dd/): 12/06/2017 BR Audit Period End Date (mm/dd/): 12/06/2017 - Certificate Name: Intesa Sanpaolo Organization Validation CA SHA-256 Fingerprint: 27CDD699DE15EE88A05BB10ED9DF2FC5E4CA25B5FDD42988963A38EC8940D55A Standard Audit Period End Date (mm/dd/): 12/07/2017 BR Audit Period End Date (mm/dd/): 12/07/2017 - Certificate Name: MULTICERT SSL Certification Authority 001 SHA-256 Fingerprint: 06A57D1CD5879FBA2135610DD8D725CC268D2A6DE8A463D424C4B9DA89848696 Standard Audit Period End Date (mm/dd/): 12/19/2017 BR Audit Period End Date (mm/dd/): 12/19/2017 CA Owner: DigiCert - Certificate Name: ABN AMRO CA - G2 SHA-256 Fingerprint: AF6BFC9FF646FA900FEA0D79B89932304E27F84CC9E261BDE52B0EC04CF5AD85 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: ABN AMRO CA - G2 SHA-256 Fingerprint: B91AF4B7FFC8DB435304212030724BECB2F23686552149FD671339C9528A65F9 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: ABN AMRO Test CA - G2 SHA-256 Fingerprint: 52D90CEF761E2458A8B51638EF0A0513584EBA986E740C573AD2A73882818EE9 Standard Audit Period End Date (mm/dd/): 05/24/2017 - Certificate Name: Philips Extranet CA - G4 SHA-256 Fingerprint: E20AFEA72530C529D4046852144A267337221C5BE303528C07EF640BCAD6F091 Standard Audit Period End Date (mm/dd/): 07/22/2017 - Certificate Name: Shell Information Technology International CA - G3 SHA-256 Fingerprint: 91603DADB54CBCDEDD43805EA7A272EB31DF8444775064A01821C2B650890DCE Standard Audit Period End Date (mm/dd/): 07/22/2017 Comment: Incident Report for these outdated audit statements https://bugzilla.mozilla.org/show_bug.cgi?id=1539296 CA Owner: Entrust - Certificate Name: LAWtrust2048 CA2 SHA-256 Fingerprint: 4957DED341054641139CBAB3B96006545D094D449590FB08AE9A78D05A40BD83 Standard Audit Period End Date (mm/dd/): 12/31/2017 CA Owner: QuoVadis - Certificate Name: VR IDENT SSL CA 2016 SHA-256 Fingerprint: FD3E44280C8DCBE8CF8CF55511E0669C8537945DA1FA7468C0EA52B686DD5B68 Standard Audit Period End Date (mm/dd/): 12/31/2017 BR Audit Period End Date (mm/dd/): 12/31/2017 - Certificate Name: VR IDENT EV SSL CA 2016 SHA-256 Fingerprint: 55B0CD2CCAD18E25977D906DAC9FA8B8643D7A258E7B3837F1157A13AC19D187 Standard Audit Period End Date (mm/dd/): 12/31/2017 BR Audit Period End Date (mm/dd/): 12/31/2017 EV SSL Audit Period End Date (mm/dd/): 12/31/2017 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy