Bugzilla #1843676
Certificate Problem Report
Apple: Revocation Delay for TLS certificates issued outside the TTL of the CAA record
RESOLVED
FIXED
Apple Inc.
AI Summary
Apple Inc. reported a compliance incident regarding the issuance of TLS certificates where the time between CAA lookup and certificate issuance exceeded the allowed limit. The issue was identified on June 29, 2023, and a fix was implemented within 24 hours. However, the revocation of affected certificates was delayed due to operational impacts, and the requirements for timely revocation were not met. As of September 2023, all affected certificates have been revoked, with a total of 1,717 certificates initially identified as valid.
Chronology
- Compliance incident reported
- Software fix deployed
- 5-day revocation window closed
- All affected certificates revoked
Participants
certification_authority@apple.com
bwilson@mozilla.com
Similar Local Cases
Apple: TLS certificates issued outside the TTL of the CAA record
Apple: Public Key Reuse
Apple: EV Certificate Approver Authorization
Apple: CRLs for dormant CAs will not be populated in CCADB
Apple: Test website certificates expired
Apple: OCSP availability 2020-11-12
Apple: OCSP responders return ‘unknown’ for valid S/MIME and TLS certificates
Apple: OCSP responders return responses with incorrect issuer