← Apple Inc. cases
Bugzilla #1724528
Policy Compliance
Apple: Intermediate CA certificates omitted from audit statement
RESOLVED
FIXED
Apple Inc.
AI Summary
Apple Inc. reported an incident where three of its EV Sub-CAs were omitted from the recently issued WebTrust audit statement. The omission was identified following a notification from their root vendor, DigiCert, prompting an internal review. Apple confirmed that the omission was an unintended clerical error and that the audits had correctly covered the omitted CAs. Amended audit statements were subsequently issued and published. Apple has since updated its quality review procedures to prevent similar issues in the future.
Chronology
- Received notification of outdated audit statements
- Received and published amended audit report
Participants
Apple CA
Ryan Sleevi
B Wilson
External References
Similar Local Cases
DigiCert: Inconsistent EV audits
Sectigo: Missing Changelog in CPS
Actalis: Non-BR-Compliant Certificate Issuance
GoDaddy: inconsistent disclosure of externally-operated intermediate
Asseco DS / Certum: Use of forbidden subjectPublicKeyInfo algorithm
Izenpe: Non-BR-Compliant Certificate Issuance
Entrust: Non-BR-Compliant Certificate Issuance
SwissSign: BRs require full annual audits