Bugzilla #1718552
Certificate Problem Report
IdenTrust: Certificates with Invalid values for stateOrProvinceName
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust identified that several of its OV SSL certificates contained invalid values in the 'stateOrProvinceName' field. The issue was reported on June 28, 2021, leading to the revocation of 40 affected certificates by June 30, 2021. An emergency code fix was deployed to prevent recurrence. The root cause was traced to a software bug introduced in February 2019, which allowed 'Not Applicable' to be erroneously included in the certificates. IdenTrust has since implemented measures to enhance its QA processes and prevent similar issues in the future.
Chronology
- IdenTrust received a report about invalid values in SSL certificates.
- Emergency code fix deployed and revocation of affected certificates scheduled.
- Revocation of 40 SSL certificates completed.
- Formal incident report provided.
- IdenTrust requested consideration for closing the report.
Participants
IdenTrust
Mozilla Security Group
Similar Local Cases
IdenTrust: Incorrect Subject Details for HydrantId
IdenTrust: Invalid OrganizationIdentifier in S/MIME certificates
IdenTrust: Unavailable CRL for IdenTrust ‘DST Root CA X3’.
IdenTrust: Bad OCSP Responses
IdenTrust: Discrepancy in values of address fields within CN of SSL Certificates
IdenTrust: S/MIME certificates issued in violation of New S/MIME Baseline Requirements v1.0
IdenTrust: duplicate Certificate in error flagged by OCSP Watch
IdenTrust: Failure to provide OCSP responses for valid ICA certificates