← Sectigo cases
Bugzilla #1620561
Certificate Problem Report
Sectigo: Non-revocation of certificates with subject:organizationalUnitName in DV certificates
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo faced scrutiny for not revoking a large number of Domain Validated (DV) SSL certificates that included the 'organizationalUnitName' field, which was deemed non-compliant with the CA/B Forum's Baseline Requirements. The company argued that the requirements were unclear and that revocation would significantly impact end users, particularly for devices that could not automatically update their certificates. Despite the challenges, Sectigo committed to revising its practices and working towards compliance, including plans for future certificate issuance with shorter lifetimes.
Chronology
- Initial report of non-revocation by Sectigo.
- Sectigo reported progress on revoking affected certificates.
- Sectigo processed 737,637 revocations for certs issued under the wd2go.com domain.
- Discussion concluded with plans for Sectigo to continue diligent revocation of misissued certificates.
Participants
Robin Alden
Nick France
Ryan Sleevi
External References
Similar Local Cases
Sectigo: invalid subject:organizationalUnitName on DV certificates
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: EV SSL Certificates with incorrect subject details.
Sectigo: Use of forbidden subjectPublicKeyInfo algorithm
Sectigo: "Some-State" in stateOrProvinceName
Sectigo: "Default City" in Subject:localityName
Sectigo: EV SSL Certificates with incorrect businessCategory
Sectigo: invalid dnsName