← Entrust cases
Bugzilla #1561013
Certificate Misissuance
Entrust: Certificate issued with validity greater than 825-days
RESOLVED
FIXED
Entrust
AI Summary
Entrust issued two EV SSL certificates with a validity period exceeding the maximum allowed of 825 days. The issue was discovered during testing on June 21, 2019, and both certificates were revoked shortly after. Further investigation revealed a total of five certificates were affected due to incorrect data in the subject. Entrust has since stopped issuing certificates with these problems and implemented a manual process to ensure compliance with validity requirements. The incident has been resolved, and the CA has taken steps to prevent future occurrences.
Chronology
- Two certificates issued with validity greater than 825-days
- Issue discovered and both certificates revoked
- Further investigation revealed additional mis-issued certificates
- Phase 2 remediation deployed
Participants
Bruce Morton
Ryan Sleevi
Wayne Thayer
External References
Similar Local Cases
Entrust: SHA-1 Issuance and other misissuance while testing
Entrust: Question marks in certificate O and L fields
Entrust: Late mis-issue certificate revocation
Entrust: Issued Certificates to incorrect Organization
Entrust: IP in dnsName
Entrust: Certificate Issued with Incorrect Country Code
Chunghwa Telecom: Test certificate with unregistered domain name
Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization"