← GoDaddy cases
Bugzilla #1734953
Certificate Problem Report
GoDaddy: CPR responses greater than 24 hours
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy experienced a violation of the Baseline Requirements by failing to respond to two Certificate Problem Reports (CPRs) within the mandated 24-hour timeframe. The issue was identified on September 27, 2021, during a routine check, revealing that both CPRs, related to a potential phishing attack, were received the previous day. GoDaddy implemented a series of corrective actions, including process changes and training, to prevent future occurrences. The case was resolved on November 1, 2021, after all mitigation strategies were completed.
Chronology
- Two CPRs received reporting possible phishing attacks.
- Issue identified during routine check; investigation initiated.
- RA Management meets with IT to discuss long-term solutions.
- Bug closed after mitigation strategies completed.
Participants
Brittany Randall
External References
Similar Local Cases
GoDaddy: Failure to revoke 210 subscriber certificates within 24 hours
GoDaddy: OV Documentation Reuse
GoDaddy: Root CRLs exceed maximum validity period by 1 second
GoDaddy: CRLs are version 1 and lack CRL Number extension
GoDaddy: Failure to Revoke Subscriber Certificates within 24 hours
GoDaddy: Reported TLS Certificate Private Key Exposure
GoDaddy: Revocation process is unusable due to contact address not accepting attachments
GoDaddy: CPR was not responded to in 24 hours