← Sectigo cases
Bugzilla #1639805 Certificate Problem Report

Sectigo: Failure to revoke key-compromised certificates

RESOLVED FIXED Sectigo
AI Summary

This case addresses Sectigo's failure to revoke certificates after reports of key compromise were submitted. Between May 7 and May 9, 2020, multiple reports were sent to Sectigo, but the certificates remained valid despite the claims of compromise. After significant delays and internal reviews, some certificates were eventually revoked, but the process was found to be flawed, leading to a systemic failure in handling key compromise reports. Sectigo has since acknowledged the issues and is implementing changes to improve their response to such incidents.

Model: gpt-4o-mini Generated: 2026-06-13 20:58 UTC Confidence: 0.90
Chronology
  1. Bug reported regarding failure to revoke compromised certificates.
  2. Sectigo revoked some certificates after review.
  3. Sectigo provided a detailed response outlining corrective actions.
  4. Bug intended to be closed unless further issues arise.
Participants
Rich Smith Matt Palmer Ryan Sleevi Robin Alden Ben Wilson
External References
Original Bugzilla Case sectigo.com sectigo.com secure.sectigo.com acme.sectigo.com acme.sectigo.com
Similar Local Cases
#1648717 RESOLVED Certificate Problem Report Opened 2020-06-26 · Closed 2023-02-22 · 75% similar
Sectigo: Failure to provide a preliminary report within 24 hours.
AI Summary CA Owner
#1619359 RESOLVED Certificate Problem Report Opened 2020-03-02 · Closed 2023-02-22 · 74% similar
Sectigo: Failure to provide a preliminary report within 24 hours
AI Summary CA Owner
#1645686 RESOLVED Certificate Problem Report Opened 2020-06-14 · Closed 2023-02-22 · 74% similar
Sectigo: Lack of input validation in stateOrProvinceName
AI Summary CA Owner
#1575022 RESOLVED Certificate Problem Report Opened 2019-08-19 · Closed 2023-02-22 · 73% similar
Sectigo: EV SSL Certificates with incorrect subject details.
AI Summary CA Owner
#1639801 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 66% similar
DigiCert: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1551362 RESOLVED Certificate Problem Report Opened 2019-05-14 · Closed 2023-02-22 · 66% similar
Sectigo: "Some-State" in stateOrProvinceName
AI Summary CA Owner
#1563579 RESOLVED Certificate Problem Report Opened 2019-07-04 · Closed 2023-02-22 · 66% similar
Sectigo: Failure to provide timely incident reports
AI Summary CA Owner
#1650845 RESOLVED Certificate Problem Report Opened 2020-07-06 · Closed 2024-06-30 · 66% similar
Sectigo: CPR response issues
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action