← TrustCor Systems cases
Bugzilla #1599503
Certificate Problem Report
TrustCor: No mention of TLS-capable Intermediate CAs in WTBR audit reports
RESOLVED
FIXED
TrustCor Systems
AI Summary
TrustCor Systems acknowledged a violation of BR Section 8.1 due to the omission of two Subordinate CAs in their audit reports. This issue was identified following a notification from Mozilla on October 8, 2019. TrustCor took immediate steps to address the oversight, including suspending the Enhanced Secure Email CA program and communicating with their independent auditor. Both CA certificates were ultimately revoked by April 2020, and new audit reports were submitted to WebTrust, ensuring compliance and minimal risk to users.
Chronology
- Mozilla notified TrustCor of discrepancies in audit reports.
- TrustCor communicated with their auditor regarding necessary report updates.
- TrustCor submitted new audit reports mentioning the Email CAs.
- TrustCor revoked the Basic and Enhanced Secure Email CA certificates.
Participants
Neil Dunbar
Kathleen Wilson
Ryan Sleevi
Wayne Thayer
External References
Similar Local Cases
TrustCor: Non-revocation of CA certificates within 7 days
TrustCor: Insufficient Serial Number Entropy
TrustCor: Non-audited intermediate certificates
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
DocuSign/Keynectis: Non-BR-Compliant OCSP Responders
Consorci AOC: Non-BR-Compliant Certificate Issuance
SECOM: Ambiguity on KeyUsage with ECC public key
Camerfirma: MULTICERT certificates with a validity period greater than 825 days