Closed Bug 1614444 Opened 5 years ago Closed 5 years ago

Chunghwa Telecom: ALV failures on intermediate certificates

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: realsky)

Details

(Whiteboard: [ca-compliance] [audit-failure])

I am filing this bug because this CA responded to Action 5 of Mozilla's January 2020 CA Communication survey with: "We have no audit issues with our intermediate certificates identified by CCADB". However, ALV is reporting the following problems that the CA must investigate and resolve.

Audit Letter Validation (ALV) is providing the following results for this CA. For each of the certificates listed below, the CA needs to follow the "When ALV returns FAIL" section of https://wiki.mozilla.org/CA/Audit_Letter_Validation

Standard Audit ALV Found Cert	BR Audit ALV Found Cert	CA Owner/Certificate Name	SHA-256 Fingerprint
PASS	FAIL	Chunghwa Telecom Co., Ltd. - Public Certification Authority - G2	DAE3434F696FC9F0F652E1B2A6F69B5E9273D09F43BD3BDD4717D6141F8CD2C2
PASS	FAIL	Chunghwa Telecom Co., Ltd. (ePKI Root CA Self-issued Certificate(old with new))	D108C34A58C0E4A616449F8C48318023A229C86CD3DDD5D5FE6041A401C16A14
PASS	FAIL	ePKI Root Certification Authority - G2	64717250AF8B028DD8E5C0BAE4C9142C8B103532612BC487085FD3C319F9C067
FAIL	FAIL	Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority	979E5FF7DD258545F1D1D737F9408F3A55AE77C8FC6E61DC474250D2C979B051
FAIL	FAIL	ePKI Root Certification Authority - G2	44A157D9348860A7D4CE7C92E1A389E4CC0CA5967F9DBBBD126639F9B98046B7
FAIL	FAIL	ePKI Root Certification Authority - G2 (ePKI Root CA Self-issued Certificate-new with old, signed on Oct 18, 2019)	18467C4E64D586C844A44466DE5BA7A6D5969C7A92859A511C5FDAD75B03CDCE
Assignee: wthayer → realsky
Flags: needinfo?(realsky)

I investigate and resolve for those intermediate certificates. For existing audit statements issued in 2019, I add a comment to the "Standard Audit ALV Comments" or "BR Audit ALV Comments" fields indicating that the SHA-256 fingerprint of the certificate is listed but has a formatting problem that will be fixed in the next annual audit statement.

For new certificates issued after last annual audit, I add a comment to he "Standard Audit ALV Comments" or "BR Audit ALV Comments" fields indicating that "Have our auditor provide an updated audit statement that follows the formatting requirements for the SHA-256 Fingerprints in July or August 2020".

Please let me know if you have any other suggestions.

Thank you.

Flags: needinfo?(realsky)
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Product: NSS → CA Program
Whiteboard: [ca-compliance] → [ca-compliance] [audit-failure]
Summary: Chunghwa Telecom: Audit Letter Validation failures on intermediate certificates → Chunghwa Telecom: ALV failures on intermediate certificates
You need to log in before you can comment on or make changes to this bug.