← AC Camerfirma, S.A. cases
Bugzilla #1692535
Delayed Revocation
Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
Camerfirma faced challenges in revoking certificates issued by old CAs with a modulus size of 2047 bits. The CA initiated a substitution and revocation process for affected certificates, which included a timeline for client notifications and revocations. Despite initial plans, the revocation process encountered complications due to increased client inquiries and operational challenges. Ultimately, all affected certificates were revoked by early 2022, following a structured approach to minimize disruption for clients.
Chronology
- Bug reported by Camerfirma regarding delayed revocations.
- First batch of certificates revoked.
- All affected certificates successfully revoked.
- Case scheduled for closure.
Participants
Ana Lopes
Eusebio Herrera
Ben Wilson
External References
Similar Local Cases
Camerfirma: Delayed revocations related to Invalid stateOrProvinceName field
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
Camerfirma: Delayed revocations related to certificates without CABForum OV Reserved Policy Identifier
Entrust: Late Revocation due to SHA-256 hash algorithm
Microsec: Delayed revocation of the misissued certificates
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation