Open Bug 1990275 Opened 27 days ago Updated 7 days ago

SwissSign: recommendation on publication process for CA related data

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: sandy.balzer, Assigned: sandy.balzer)

Details

(Whiteboard: [ca-compliance] [audit-finding])

Preliminary Incident Report

Summary

  • Incident description: The audit report contains a recommendation regarding the improvement of SwissSign’s publication process for CA related data (e.g. PKI chain and relevant certificates including issuing CAs) in its public repository.

  • Relevant policies: ETSI EN 319 411-1, DIS-6.1-01A

  • Source of incident disclosure: Audit

Assignee: nobody → sandy.balzer
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [audit-finding]

Full Incident Report

Summary

  • CA Owner CCADB unique ID: A000049

  • Incident description: The audit report contains a recommendation regarding the improvement of SwissSign’s publication process for CA related data (e.g. PKI chain and relevant certificates including issuing CAs) in its public repository.

  • Timeline summary:

    • Non-compliance start date: N/A (audit recommendation and not non-compliance)

    • Non-compliance identified date: N/A (audit recommendation and not non-compliance)

    • Non-compliance end date: N/A (audit recommendation and not non-compliance)

  • Relevant policies: ETSI EN 319 411-1, DIS-6.1-01A

  • Source of incident disclosure: Audit

Impact

  • Total number of certificates: N/A
  • Total number of "remaining valid" certificates: N/A
  • Affected certificate types: N/A
  • Incident heuristic: N/A
  • Was issuance stopped in response to this incident, and why or why not?: Certificate issuance was not halted, as certificate issuance was not impacted.
  • Analysis: N/A
  • Additional considerations: During the audit an error in our certificate repository was detected (all required PEM files are correct, one wrong DER file). To prevent this in the future the auditors' recommendation is to improve the current process to ensure correctness.

Timeline

  • 12.09.2025 Audit report containing this recommendation published

Related Incidents

None found

Root Cause Analysis

**Contributing Factor #1:**

  • Description: Currently the page is manually constructed because this page does not need regular updates (as only changes to ICA and roots trigger an update)
  • Timeline: N/A
  • Detection: Audit
  • Interaction with other factors: N/A
  • Root Cause Analysis methodology used: N/A

Lessons Learned

  • What went well: N/A
  • What didn’t go well: N/A
  • Where we got lucky: N/A
  • Additional: N/A

Action Items

| Action Item | Kind | Corresponding Root Cause(s) | Evaluation Criteria | Due Date | Status |
|---|---|---|---|---|---|
| SwissSign will check for automation possibilities | Prevent | Root Cause # 1 | page is published without errors | 2026-04-30 | ongoing |

Appendix

n/a

We're monitoring this Bugzilla for Community feedback.
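The report describes a repository where the PEM files were correct and one DER file was wrong. The following is an added example, not SwissSign's code or process, of a pre-publication check that decodes each PEM file and compares it byte for byte with the DER file published beside it. The function names, result strings and sample bytes are assumptions constructed for illustration, and the report does not say in what way the DER file was wrong.

```python
import base64, hashlib, re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def pem_to_der(pem: bytes) -> bytes:
    """Decode the first CERTIFICATE block of a PEM file to raw DER bytes."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def der_is_single_sequence(der: bytes) -> bool:
    """Structural check: one DER SEQUENCE whose length covers the whole file."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length, n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def check_pair(pem: bytes, der: bytes) -> str:
    """Classify one published PEM/DER pair that should hold the same certificate."""
    try:
        expected = pem_to_der(pem)
    except ValueError:                    # also covers invalid base64
        return "pem-unreadable"
    if der == expected:
        return "ok:" + hashlib.sha256(der).hexdigest()
    if PEM_RE.search(der):
        return "der-file-contains-pem-text"
    if not der_is_single_sequence(der):
        return "der-malformed"
    return "der-is-different-object"
```

Run over every PEM/DER pair before the page goes live, any result that does not start with `ok:` blocks publication, and the SHA-256 value in the `ok:` result can be compared with the fingerprint recorded for that CA certificate.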
