Bugzilla #1620772
Certificate Problem Report
SSL.com: Issued precertificate with Debian Weak Key
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com issued a precertificate for a known weak Debian key, which was reported as a violation of their Certification Practice Statement (CPS). Upon receiving the report, SSL.com revoked the certificate within 24 hours and initiated an investigation. They identified that the weak key was not included in their existing blacklist and subsequently updated their systems to prevent future occurrences. SSL.com has committed to enhancing their key detection processes and has engaged with the community to improve their practices regarding weak keys.
Chronology
- SSL.com received a Certificate Resolution Request regarding a weak key.
- The certificate was revoked within 24 hours.
- SSL.com provided a preliminary report on the incident.
- SSL.com completed testing of an additional weak key detection engine.
Participants
Ryan Sleevi
Matt Palmer
Chris Kemmerer
Leo Grove
Wayne Thayer
Similar Local Cases
SSL.com: CRL not found - SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl
SSL.com: Insufficient serial number entropy
Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours
DigiCert: Failure to revoke key-compromised certificate
TrustCor: Non-revocation of CA certificates within 7 days
SECOM: certificate for which “L” and “ST” not set
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work