← Entrust cases
Bugzilla #1536287
Certificate Misissuance
Entrust: AffirmTrust Issuing CA Impacted by EJBCA Serial Number Issue
RESOLVED
FIXED
Entrust
AI Summary
Entrust's AffirmTrust brand faced an issue where serial numbers for certificates were incorrectly generated as 63 bits instead of the required 64 bits due to a configuration problem with EJBCA. The issue was identified on March 13, 2019, leading to an internal investigation that confirmed seven issuing CA/intermediate certificates were affected. Entrust has since re-signed these certificates with 127-bit serial numbers and has ceased issuing certificates with the problematic configuration. No revocation of the affected certificates was deemed necessary as the risk was assessed to be low.
Chronology
- EJBCA serial number issue reported and confirmed
- Investigation confirmed seven issuing CA/intermediate certificates were impacted
- Re-signed production intermediate certificates with 127-bit serial numbers
- Revoked one end entity certificate and non-production intermediate certificate
- Confirmed re-signed certificates into production distribution
Participants
Dathan Demone
Jonathan Sleevi
Wayne Thayer
External References
Similar Local Cases
Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization"
Entrust: Certificate issued with validity greater than 825-days
Entrust: Incorrect Business Category Value Discovered in an EV SSL Certificate
Entrust: Issued Certificates to incorrect Organization
Entrust: Question marks in certificate O and L fields
Entrust: Certificate Issued with Incorrect Country Code
IdenTrust: Improper encoding of wildcard certificate
Entrust: Jurisdiction Locality Wrong in EV Certificate