← MULTICERT cases
Bugzilla #1534429 Certificate Problem Report

Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy

RESOLVED FIXED MULTICERT
AI Summary

Multicert identified an issue with insufficient entropy in the serial number generation for certificates issued by their SSL Certification Authority 001, which resulted in only 63 bits of effective entropy. Following the discovery, they halted certificate issuance, investigated the issue, and implemented a fix to ensure a minimum of 120 bits of entropy. The affected certificates were revoked in stages, with a total of 705 certificates revoked by July 2, 2019. The incident raised concerns regarding compliance with Baseline Requirements and highlighted the need for improved communication and processes for certificate management.

Model: gpt-4o-mini Generated: 2026-06-13 18:07 UTC Confidence: 0.90
Chronology
  1. Identified ongoing discussions about serial number entropy.
  2. Confirmed the issue affected their systems and halted certificate issuance.
  3. Deployed a fix and resumed certificate issuance.
  4. Completed revocation of 705 affected certificates.
Participants
ca.forum@multicert.com ryan.sleevi@gmail.com eusebio.herrera@camerfirma.com wthayer@fastly.com
External References
Original Bugzilla Case
Similar Local Cases
#1534429 RESOLVED Certificate Problem Report Opened 2019-03-11 · Closed 2023-02-22 · 73% similar
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
AI Summary CA Owner
#1637093 RESOLVED Certificate Problem Report Opened 2020-05-11 · Closed 2023-02-22 · 66% similar
Multicert: AIA CA Issuer field pointing to PEM encoded cert
AI Summary CA Owner
#1538638 RESOLVED Certificate Problem Report Opened 2019-03-25 · Closed 2023-02-22 · 62% similar
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy
AI Summary CA Owner
#1536831 RESOLVED Certificate Problem Report Opened 2019-03-20 · Closed 2023-02-22 · 60% similar
GDCA: Insufficient Serial Number Entropy
AI Summary CA Owner
#1540961 RESOLVED Certificate Problem Report Opened 2019-04-02 · Closed 2023-02-22 · 59% similar
Atos: Insufficient Serial Number Entropy
AI Summary CA Owner
#1554259 RESOLVED Certificate Problem Report Opened 2019-05-24 · Closed 2023-02-22 · 57% similar
GlobalSign: SPKI lacks explicit NULL parameter,
AI Summary CA Owner
#1575880 RESOLVED Certificate Problem Report Opened 2019-08-22 · Closed 2023-02-22 · 55% similar
GlobalSign: SSL Certificates with US country code and invalid State/Prov
AI Summary CA Owner
#1579509 RESOLVED Certificate Problem Report Opened 2019-09-06 · Closed 2022-11-14 · 54% similar
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action