← IdenTrust Services, LLC cases
Bugzilla #1500593
Certificate Misissuance
IdenTrust: Internal names / failure to report
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC faced a misissuance issue involving a certificate that contained SAN entries for invalid .INT domains. The certificate was created for internal use and was revoked promptly after being reported. IdenTrust acknowledged the oversight and has since implemented changes to their certificate approval processes to prevent similar issues in the future. The incident was communicated to the relevant parties, and the necessary steps for remediation were taken.
Chronology
- Misissuance reported by Nicholas Hatch.
- IdenTrust acknowledged the issue and revoked the certificate.
- Bug filed regarding the incident.
- Last change made to the case.
Participants
Wayne Thayer
Nicholas Hatch
External References
Similar Local Cases
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Cross-signed root certificate mis-issuance
IdenTrust: unintended creation of a Root CA certificate
IdenTrust: Mis-Issued EV Code Signing Certificate
IdenTrust: Mis-Issued EV Certificates
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
IdenTrust: Approval of TLS certificate renewal without domain validation