Bugzilla #1665763
Certificate Misissuance
Sectigo: Failure to revoke within 5 days
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo faced a compliance issue regarding the timely revocation of mis-issued certificates. The CA failed to revoke two batches of certificates within the five-day period mandated by the Baseline Requirements (BR). The oversight was attributed to a combination of human error and system limitations, which delayed the revocation process. Some certificates were revoked one day late, and the final batch was scheduled for revocation by September 20, 2020. The incident raised concerns about Sectigo's internal processes and the need for improved compliance measures.
Chronology
- Sectigo received a problem report detailing mis-issued certificates.
- Initial investigation and processing of some certificates began.
- Five certificates were revoked one day late.
- Final batch of certificates scheduled for revocation.
- All referenced certificates have been revoked.
Participants
Rich Smith
Ryan Sleevi
Paul Steinberg
Tim Callan
Ben Wilson
Similar Local Cases
Sectigo: Incorrect JOI for federal credit unions
Sectigo: Invalid stateOrProvinceName
Sectigo: Incorrect EV businessCategory
Sectigo: State name in localityName
Sectigo: IP Address Domain Validation Failure
Sectigo: Forbidden Domain Validation Method
Sectigo: Misspelled city name in localityName field
Sectigo: test certificates issued from trusted CA