← GlobalSign nv-sa cases
Bugzilla #1639799
Certificate Problem Report
GlobalSign: Failure to revoke key-compromised certificate within 24 hours
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign faced a significant issue when a key-compromised certificate was not revoked within the required 24-hour timeframe after a report was submitted. The incident was reported on May 12, 2020, and the revocation was completed on May 13, 2020, which was outside the expected window. The delay was attributed to a timezone confusion in the case management system. GlobalSign has since implemented changes to ensure that such errors do not occur in the future, including adjustments to their case management system to display time zones clearly and to automate revocation deadlines.
Chronology
- Certificate problem report submitted regarding key compromise.
- Certificate revoked, exceeding 24-hour requirement.
- Bugzilla ticket created to address the issue.
- Changes made to case management system to prevent future errors.
- Further adaptations to the case management system completed.
Participants
mpalmer@hezmatt.org
arvid.vermote@globalsign.com
bwilson@mozilla.com
External References
Similar Local Cases
GlobalSign: OCSP Status HTTP 530
SwissSign: failure to provide a preliminary report within 24 hours
Sectigo: Failure to revoke key-compromised certificate within 24 hours
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours
Sectigo: Failure to properly respond to a report of subscriber key compromise
GoDaddy: Failure to revoke key-compromised certificates within 24 hours
GlobalSign: Caching headers inaccurate for subset of CRLs
GlobalSign: Failure to provide a preliminary report within 24 hours