Bugzilla #1417777
Certificate Problem Report
DigiCert: Insufficient entropy in serial numbers
RESOLVED
DigiCert
AI Summary
DigiCert identified an issue in which its validation system generated the random numbers used for email validations with insufficient entropy: only 77 bits instead of the required 112 bits. The problem was reported on November 1, 2017, and a patch was implemented on November 3, 2017, to correct the entropy levels. The incident affected a significant number of certificates issued under the old system, but no further issues were found in other systems. DigiCert has since taken steps to ensure compliance with the required standards.
Chronology
- Issue reported by partner CTJ
- Investigation began
- Patch implemented to fix entropy issue
Participants
Jeremy Rowley
Similar Local Cases
DigiCert / InfoCert: Insufficient Serial Number Entropy
DigiCert: Certificate Issues Identified on the Mailing List
DigiCert: Truncation of Registration Number
DigiCert: BR 3.2.5 Validation of Authority Failure for OV Certs
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension
DigiCert: Use of forbidden subjectPublicKeyInfo algorithm
DigiCert: Underscores - Discover
DigiCert: improper use of domain validation method