← Entrust cases
Bugzilla #1712106
Certificate Problem Report
Entrust: Invalid localityName
RESOLVED
FIXED
Entrust
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update.
Always refer to the official Bugzilla thread as the authoritative source.
If you spot an inaccuracy, let me know via the contact form.
AI Summary
Entrust identified that two certificates were issued with invalid localityName data after receiving a third-party report. The issue was confirmed on May 19, 2021, leading to the revocation of the certificates within the required timeframe. Entrust has since updated their verification processes to prevent similar issues, including implementing an address validation system based on Universal Postal Union data. The new feature was successfully released in December 2021.
Chronology
- Entrust received a certificate problem report regarding invalid localityName.
- The two certificates were revoked.
- The new address validation feature was released to production.
Participants
Dathan Demone
Ryan Sleevi
External References
Similar Local Cases
Entrust: Compromised Private Key was not Revoked in Less than 24 Hours
Entrust: IP Address in dNSName form
Entrust: Invalid data in State/Province Field
Entrust: Late revocation of underscore certificate
Entrust: Failure to provide a preliminary report within 24 hours.
Entrust: CPR was not responded to in 24 hours
Entrust: delayed revocation
SSL.com: Entrust API and CAA checking