← GoDaddy cases
Bugzilla #1662807
Certificate Problem Report
GoDaddy: Certificates issued with validity periods greater than 398-days
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy issued certificates with validity periods exceeding the 398-day limit set by the CA/Browser Forum, which became effective on September 1, 2020. The issue was reported on the same day, leading to a series of actions including the revocation of 107 affected certificates. GoDaddy acknowledged the mistake, attributing it to a misunderstanding of effective dates and has since implemented organizational changes to improve compliance processes. The case was resolved with a commitment to prevent future occurrences.
Chronology
- Certificate problem reported via GoDaddy's problem reporting mechanism.
- Certificates were reissued and affected certificates were revoked.
- Final update on governance processes and control verifications completed.
Participants
Ryan Sleevi
Joanna Fox
Paul Steinberg
Clint Wilson
Lindsay Webb
External References
Similar Local Cases
GoDaddy: Issues with State and Country fields
GoDaddy: Insufficient serial number entropy
GoDaddy: Failure to revoke certificate with compromised key within 24 hours
GoDaddy: failure to revoke underscores
GoDaddy: Document Reuse Issue
GoDaddy: improperly encoded certificate issued by Go Daddy Secure Certification Authority
Telekom Security: CRL also contained unrevoked certificates
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName