← GoDaddy cases
Bugzilla #1734265
Certificate Problem Report
GoDaddy: Root CRLs exceed maximum validity period by 1 second
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy identified an issue where their root Certificate Revocation Lists (CRLs) were issued with a validity period exceeding the maximum allowed by one second. This was discovered during a review of a related bug report. The PKI Compliance team confirmed that all root CRLs were impacted and took immediate action to rectify the situation. A ceremony was conducted to issue new CRLs with the correct validity period, and updates to the Certificate Policy/Certification Practice Statement were implemented to prevent future occurrences.
Chronology
- Root CRLs issued with a validity period of 365 days and 1 second.
- PKI Compliance team confirms all root CRLs are impacted.
- New root CRLs with corrected validity period deployed to production.
- Updated CP/CPS published reflecting current validity periods.
Participants
Brittany Randall
External References
Similar Local Cases
GoDaddy: OV Documentation Reuse
GoDaddy: CRLs are version 1 and lack CRL Number extension
GoDaddy: CPR responses greater than 24 hours
GoDaddy: Failure to revoke 210 subscriber certificates within 24 hours
GoDaddy: Revocation process is unusable due to contact address not accepting attachments
GoDaddy: Reported TLS Certificate Private Key Exposure
GoDaddy: Agreed-Upon Website Domain Validation Method Issue
GoDaddy: Partitioned CRL files missing Issuing Distribution Point