← SSL.com cases
Bugzilla #1548720
Certificate Problem Report
SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com encountered an issue where a Certificate Revocation List (CRL) for a revoked intermediate certificate was not found at the expected URL. This was identified during a compliance check by Kathleen Wilson on May 2, 2019. The problem was traced back to an incorrect configuration in the CRL publishing process, which was resolved by updating the CRL to include the revoked certificate entry. The issue was marked as fixed on May 6, 2019, and an incident report was deemed necessary due to compliance requirements.
Chronology
- Bug reported regarding missing CRL for revoked certificate.
- CRL updated to include revoked certificate entry.
- Incident report detailing the issue and resolution submitted.
Participants
Kathleen Wilson
Chris Kemmerer
Ryan Sleevi
SSL.com Auditor
External References
Similar Local Cases
SSL.com: Expired CRLs
SSL.com: Issued precertificate with Debian Weak Key
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders
SK ID Solutions: Incorrect OCSP Delegated Responder Certificate
GoDaddy: improperly encoded certificate issued by Go Daddy Secure Certification Authority
GoDaddy: New GoDaddy incorrect issuance bug appears to be regression of 2010 issue
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields
DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance