← IdenTrust Services, LLC cases
Bugzilla #1588213
CCADB Compliance
IdenTrust: Missing Thumbprints for Intermediate CA certificates In Some Annual Audit Reports
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC reported missing thumbprints for 14 Intermediate CA certificates in their annual audit reports. The issue was identified following a Mozilla forum post, leading to a detailed investigation. It was confirmed that there were no mis-issued certificates or security issues with the flagged intermediates. However, concerns were raised regarding the compliance of these certificates with the Baseline Requirements, particularly regarding their capability to issue TLS certificates. IdenTrust has committed to working with auditors to correct the reports and has outlined a plan for revocation of certain certificates. The case has been resolved with updated audit reports submitted.
Chronology
- IdenTrust became aware of missing thumbprints via a Mozilla forum post.
- IdenTrust filed a Bugzilla report regarding the issue.
- IdenTrust confirmed that missing thumbprints were due to reporting oversight.
- IdenTrust submitted updated audit reports.
- IdenTrust committed to revoking certain certificates.
Participants
roots@identrust.com
ryan.sleevi@gmail.com
wthayer@fastly.com
bwilson@mozilla.com
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Microsoft PKI Services: Incomplete Logical Access Review Audit Evidence
Sectigo: CCADB failed ALV - Network Solutions Certificate Authority
Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls
IdenTrust: Temporary Errors in Test Website Certificates
SSL.com: Intermediate certificate not listed in audit reports
IdenTrust: Delay in updating a Bug 2016585 - Next update
IdenTrust: Delay in updating a Bugzilla ticket Bug 2014610 - Next update
CFCA: Delayed reporting of intermediate CA certificate