← Sectigo cases
Bugzilla #1698936
Certificate Problem Report
Sectigo: ZeroSSL: failure to revoke within 24 hours
RESOLVED
FIXED
Sectigo
AI Summary
This case addresses a failure by ZeroSSL to revoke a certificate within the required 24-hour timeframe after a reported compromise. The user encountered errors while attempting to revoke the certificate through ZeroSSL's web portal and subsequently contacted support. Despite efforts to resolve the issue, the certificate remained unrevoked until the matter was escalated to Bugzilla. The case highlights the complexities involved in the revocation process, particularly regarding the roles of ZeroSSL as a reseller and Sectigo as the issuing CA.
Chronology
- User reports inability to revoke certificate through ZeroSSL portal.
- Sectigo responds, stating the issue is invalid due to improper reporting mechanism.
- ZeroSSL clarifies its revocation process and updates its terms.
Participants
Chris Marget
Tim Callan
Ryan Sleevi
Ben Wilson
Julian Zehetmayr
External References
Similar Local Cases
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: CPR response issues
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: Mojibake in certificate Subject fields
Sectigo: Misspellings in stateOrProvince or localityName fields
Sectigo: Failure to provide a preliminary report within 24 hours.
Sectigo: Failure to revoke key-compromised certificates
Sectigo: 2020 failure to respond to CPRs discovered