← DigiCert cases
Bugzilla #1575125
Certificate Problem Report
DigiCert: Apple: Unconstrained intermediate CAs not included in WTBR report
RESOLVED
DigiCert
AI Summary
DigiCert reported that Apple IST CAs 5, 6, and 7 were not included in the required WebTrust report for the audit period from April 2018 to April 2019. This oversight was due to ambiguity in the requirements at the time of their creation. No TLS server certificates were issued from these CAs, and they have since been revoked and added to OneCRL to address the issue.
Chronology
- DigiCert notified Apple about the missing CAs in the WTBR report.
- DigiCert issued an incident report regarding the failure to disclose the unconstrained intermediates.
- DigiCert revoked the problematic CA certificates.
- The CAs were added to OneCRL.
Participants
Wayne Thayer
Apple CA
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown"
DigiCert: Apple: Non-compliant Serial Numbers
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension
DigiCert: CAA Checking Issue
DigiCert: Symantec non-constrained/non-disclosed intermediate CA certificates
DigiCert: Verizon: "Default City" in Subject:localityName
DigiCert: *.sslsimplified.com compromised private key
DigiCert / ADACOM: published expired CRLs