← IdenTrust Services, LLC cases
Bugzilla #1669594
Certificate Misissuance
IdenTrust: Issuance of Subordinate CA’s Without EKU
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC reported the issuance of two subordinate CAs without the required Extended Key Usage (EKU) extension, violating BRs 1.7.2, section 7.1.2.2g. The issue was discovered during a final review prior to production deployment on October 6, 2020. IdenTrust took immediate action to revoke the mis-issued certificates and updated their certificate profiles to include the EKU extension. An incident report was provided detailing the timeline of events and corrective measures taken to prevent future occurrences.
Chronology
- Issued two subordinate CAs
- Discovered missing EKU extensions
- Revoked the two mis-issued subordinate CAs
- Submitted formal incident report
Participants
IdenTrust
Mozilla
External References
Similar Local Cases
IdenTrust: test certificates inadvertently published in production environment
IdenTrust: Mis-Issued EV Certificates
IdenTrust: Approval of TLS certificate renewal without domain validation
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed
IdenTrust: Issuance of certificates greater than 398 days
IdenTrust: CT Logging Mistakes