Bugzilla #1650910
Policy Compliance
DigiCert: Inconsistent EV audits
RESOLVED
DigiCert
AI Summary
DigiCert reported an incident regarding inconsistent audits for Extended Validation (EV) certificates. The issue was identified through a community discussion and led to an internal investigation. DigiCert confirmed that several Intermediate Certificate Authorities (ICAs) capable of issuing EV certificates were not included in the required EV audit scope. As a result, DigiCert has committed to halting EV issuance for affected ICAs and is implementing measures to ensure compliance with audit requirements moving forward.
Chronology
- Incident reported by DigiCert
- Internal investigation initiated
- Revocation of affected certificates commenced
- Audit year closed with EV-capable CAs included
Participants
Brenda Bernal
Ryan Sleevi
Jeremy Rowley
Wayne Thayer
Similar Local Cases
PKIoverheid / QuoVadis: CPS inconsistencies
PKIoverheid / QuoVadis: CPS inconsistencies
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
DigiCert: Verizon CPS lacks CPR problem reporting instructions
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Camerfirma: Govern d'Andorra audits
Sectigo: Missing Changelog in CPS
QuoVadis: Recap of BR Compliance in 2018 issuance by external subCAs