Open Bug 2008847 Opened 2 days ago Updated 1 day ago

Microsoft PKI Services: Sample Site Certificates expired

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: CentralPKI, Assigned: CentralPKI)

Details

(Whiteboard: [ca-compliance] [policy-failure])

Preliminary Incident Report

Summary

  • Incident description:
    On 2025-12-29 at ~9:15 AM PST, Microsoft PKI Services became aware that our Sample Sites for two of our Root Certificates had expired “valid” certificate samples and expired “revoked” certificate samples. This is out of compliance with Section 2.2 of the Baseline Requirements.
    On 2025-12-29 at ~5:46 PM PST, Microsoft PKI Services updated all impacted Sample Site certificates. This remediated the “active” certificate samples. The “revoked” certificate samples were updated on our repository at the same time, but the certificates themselves were not revoked until 2025-12-30 at ~12:00 PM PST.

  • Relevant policies:
    Section 2.2 of Baseline Requirements (Publication of information)

  • Source of incident disclosure:
    Microsoft PKI Services monitors public email lists and saw a discussion relating to this topic.

Assignee: nobody → CentralPKI
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [policy-failure]