← Sectigo cases
Bugzilla #1597948
Certificate Problem Report
Sectigo: Missing Intermediate CA Certificate in Audit - D-TRUST CA 2-1 2015
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo addressed an issue regarding the D-TRUST CA 2-1 2015, which was missing the SHA-256 thumbprint in its audit report. This was identified through a Failed ALV results report in CCADB. The problem was acknowledged, and a new Audit Attestation was prepared to include the necessary thumbprint, which was delivered in December 2019. The issue was resolved, and the CA has committed to ensuring compliance with Mozilla's policies in future audits.
Chronology
- Email alert about Failed ALV results sent to CAs
- Bug reported regarding missing SHA-256 thumbprint
- New Audit Attestation received from D-Trust
- New Audit Attestation posted to CCADB
- Bug closed after remediation steps confirmed
Participants
Robin Alden
bwilson@mozilla.com
External References
Similar Local Cases
Sectigo: Missing Intermediate CA Certificate in Audit - D-TRUST CA 2-1 2015
Sectigo: Failure to properly respond to a report of subscriber key compromise
Sectigo: Use of forbidden subjectPublicKeyInfo algorithm
Sectigo: invalid subject:organizationalUnitName on DV certificates
Sectigo: Failure to revoke key-compromised certificate within 24 hours
Sectigo: invalid dnsName
Sectigo: EV SSL Certificates with incorrect businessCategory
Sectigo: Failure to revoke within 24 hours