Closed Bug 1266501 Opened 8 years ago Closed 8 years ago

Certinga: certificate with invalid date format

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kurt, Assigned: j.allemandou)

References

Details

Attachments

(1 file)

CERTIGNA - BR Self Assessment v1.4.xlsx
39.55 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details 
Hi,

This certificate:
https://crt.sh/?id=16843038&opt=cablint,x509lint

Has the not valid after set using Generalized Time instead of UTCTime.  It's doing it correctly for not valid before.

https://tools.ietf.org/html/rfc5280#section-4.1.2.5 clearly states that dates before 2050 should use UTCTime.
Blocks: BR-Compliance
Assignee: kwilson → j.allemandou
Blocks: 1265683
The problem has been identified by our teams and is being processed.
We have identified and corrected the problem which concerned the renewal process on which an update has been applied in january. After control, we have identified the few certificates concerned by the use of « GeneralizedTime » in the field « Not after ». We are currently contacting the Certificate managers to operate the revocation and change of their certificate. We will informe you shortly when all certificates concerned will be replaced.
Hi,

We wish to inform you that the majority of relevant certificates have already been replaced, including one designated in this bug.

We remain at your disposal for any further information.

Thank you in advance for your reply.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → NSS
New version of our BR Self Assessment to integrate the updates relating to "DNS CAA" and "Certificate transparency".
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: