Open Bug 2009541 Opened 1 day ago Updated 14 hours ago

Microsoft PKI Services: Failure to report within 72 hrs - Sample Site Certs Expired

Categories

(CA Program :: CA Certificate Compliance, task)

Product:

Component:

Type:

task

Priority:

Not set

Severity:

--

Tracking

(Not tracked)

Status:

ASSIGNED

People

(Reporter: CentralPKI, Assigned: CentralPKI)

Details

(Whiteboard: [ca-compliance] [policy-failure])

Microsoft PKI Services

Assignee

Description

•

1 day ago

Preliminary Incident Report

Summary

Incident description:
On 2025 12 29 at ~9:15 AM PST, Microsoft PKI Services became aware of expired “valid” and “revoked” certificate samples on our Sample Sites for two Root Certificates, which is out of compliance with Section 2.2 of the Baseline Requirements. Bug 2008847 was opened on 2026-01-06 to address and remediate this issue. CCADB policy mandates that we must open a Bugzilla within 72 hours of becoming aware of such an issue. This delay represents a non-compliance event with our reporting obligations.
Relevant policies:
- CCADB Policy Section 6.1 – stating we must follow CCADB IRG
- CCADB Incident Reporting Guidelines
Source of incident disclosure:
Relying Party

incident-reporting

Updated

•

14 hours ago

Assignee: nobody → CentralPKI

Status: UNCONFIRMED → ASSIGNED

Ever confirmed: true

Whiteboard: [ca-compliance] [policy-failure]

You need to log in before you can comment on or make changes to this bug.