← SECOM Trust Systems CO., LTD. cases
Bugzilla #1707229
Delayed Revocation
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
RESOLVED
FIXED
SECOM Trust Systems CO., LTD.
AI Summary
SECOM Trust Systems reported a delay in the revocation of FUJIFILM certificates that were not technically constrained, which should have been revoked within five days of identification on April 16, 2021. The delay was attributed to coordination issues with FUJIFILM regarding the replacement of server certificates. Although the certificates were eventually revoked on April 26, 2021, concerns were raised about SECOM's compliance with revocation timelines and the potential for future delays. SECOM has since committed to improving its processes and implementing automation to prevent similar issues.
Chronology
- SECOM recognized the need to revoke non-compliant FUJIFILM certificates.
- All relevant FUJIFILM certificates were revoked.
Participants
Hisashi Kamo
Paul Steinberg
Ryan Sleevi
Ben Wilson
External References
Similar Local Cases
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
Entrust: Late Revocation due to SHA-256 hash algorithm
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName
DigiCert: Delay of revocation for EV audit inconsistency incident
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
Buypass: Delayed revocation of TLS certificates
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical