← Sectigo cases
Bugzilla #1619359
Certificate Problem Report
Sectigo: Failure to provide a preliminary report within 24 hours
RESOLVED
FIXED
Sectigo
AI Summary
This case concerns Sectigo's failure to provide a preliminary report within the required 24-hour timeframe after receiving multiple certificate problem reports regarding potentially compromised keys. The reports were submitted by a user who received only auto-acknowledgments and delayed responses from Sectigo. After acknowledging the issue, Sectigo committed to improving their incident response processes and implemented an automated revocation mechanism for compromised keys. The case has been resolved with Sectigo taking steps to ensure compliance with reporting requirements.
Chronology
- Multiple certificate problem reports submitted to Sectigo.
- Sectigo acknowledges the bug report and commits to providing an incident response.
- Sectigo provides a detailed timeline of their actions in response to the problem reports.
- Sectigo announces the addition of an automated revocation mechanism.
- Bug is marked for closure after satisfactory resolution.
Participants
Ryan Sleevi
Robin Alden
Matt Palmer
Mozilla Team
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Sectigo: Failure to provide a preliminary report within 24 hours.
Sectigo: Failure to revoke key-compromised certificates
Sectigo: Failure to provide timely incident reports
Sectigo: "Default City" in Subject:localityName
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: Use of forbidden subjectPublicKeyInfo algorithm
Sectigo: "Some-State" in stateOrProvinceName
Sectigo: EV SSL Certificates with incorrect subject details.