Bugzilla #1650845
Certificate Problem Report
Sectigo: CPR response issues
RESOLVED
FIXED
Sectigo
AI Summary
The case involves Sectigo's handling of a misissued certificate that was reported for incorrect subject information. Sectigo's initial responses incorrectly assured the reporter that the certificate was revoked, although it still appeared as 'good' in OCSP responses. The certificate was eventually revoked, but Sectigo's communication was criticized for being misleading and for requiring repeated clarification from the reporter. The incident highlighted issues in Sectigo's internal processes and communication regarding certificate revocation.
Chronology
- Initial problem report received by Sectigo.
- Certificate revoked.
- Update on remediation efforts provided.
- Discussion on closing the case initiated.
Participants
Matthias
Nick France
Ryan Sleevi
Ben Wilson
Rob
Tim Callan
External References
Similar Local Cases
Sectigo: Incorrect locality information
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: ZeroSSL: failure to revoke within 24 hours
Sectigo: Misspellings in stateOrProvince or localityName fields
Sectigo: DCV Reuse after 825 days
Sectigo: Mojibake in certificate Subject fields
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: Failure to revoke key-compromised certificates