Bugzilla #1652604
Delayed Revocation
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
PKIoverheid faced challenges in revoking certain certificates within the required 7-day timeframe due to complexities in its PKI system. The organization outlined a detailed plan to transition from the 'Staat der Nederlanden Root CA - G3' to the 'Staat der Nederlanden EV Root CA', which involved reissuing certificates and revoking those that were no longer in use. As of early 2021, significant progress had been made, with 95% of TLS certificates replaced and a phased revocation plan in place for the remaining certificates. The case was resolved with the implementation of these measures.
Chronology
- Bug opened to track incident response.
- Logius PKIoverheid reported delays in revocation.
- Detailed timeline of remediation steps shared.
- Update provided on progress of certificate replacements.
- Bug closure planned after resolution.
Participants
Ben Wilson
Jorik van 't Hof
David Weissenberg
Ryan Sleevi
Similar Local Cases
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
Entrust: Late Revocation due to SHA-256 hash algorithm
DigiCert: Delay of revocation for EV audit inconsistency incident
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days
Buypass: Delayed revocation of TLS certificates