← Entrust cases
Bugzilla #1524876
Certificate Misissuance
Entrust: IP in dnsName
RESOLVED
FIXED
Entrust
AI Summary
Entrust issued certificates containing IP addresses in the dnsName field, which was a deviation from standard practices. The issue was first reported on January 29, 2019, leading to an internal investigation. Entrust acknowledged that the certificates were issued to support a Microsoft browser issue and decided to allow them to expire rather than revoke them. Following discussions and further investigation, all problematic certificates were identified and subsequently revoked by February 28, 2019. The situation highlighted the need for better compliance with issuance policies.
Chronology
- Issue reported to Entrust regarding certificates with IP addresses in dnsName.
- Bug 1524876 opened.
- Investigation completed; revocation process initiated.
- Remaining problematic certificates revoked.
Participants
Jonathan Rudenberg
Bruce Morton
Ryan Sleevi
External References
Similar Local Cases
Entrust: SHA-256 hash algorithm used with ECC P-384 key
Entrust: Late mis-issue certificate revocation
Entrust: Certificate issued with validity greater than 825-days
Entrust: Issued Certificates to incorrect Organization
Entrust: SHA-1 Issuance and other misissuance while testing
Entrust: Question marks in certificate O and L fields
Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization"
Entrust: Certificate Issued with Incorrect Country Code