Open Bug 2052377 Opened 2 days ago Updated 1 day ago

Apple: Audit Documents missing 2 Sub-CAs

Categories

(CA Program :: CA Certificate Compliance, defect)

defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: certification_authority, Unassigned)

Details

(Whiteboard: [ca-compliance])

Steps to reproduce:

Preliminary Incident Report

Summary

  • Incident description: The Apple 2026 WebTrust Audit reports did not include 2 Sub-CAs created on 2/4/2026. They should have been on the WTCA, WTBR, and WTNS reports.
    • Apple Public Server ECC CA 13 - G1
      • SHA-256: 01682DA2E6A878468D0A4777162AEBE3233DC6935B066F71F486D5672375E1F1
    • Apple Public Server RSA CA 13 - G1
      • SHA-256: EF7147B7031ACF7942DD749549DD3FD9A564B916B325DFA9E255EBB9E16AEEEB
  • Relevant policies:
    • CCADB 5.1
    • CA/Browser Forum Baseline Requirements 8.1
  • Source of incident disclosure: Our root vendor, Sectigo, notified us that ALV came back with errors when uploading our audit documents regarding the 2 missing Sub-CAs.

We will post a Full Incident Report on or before July 16, 2026.

Component: CA Documents → CA Certificate Compliance
Whiteboard: [ca-compliance]
You need to log in before you can comment on or make changes to this bug.