← Sectigo cases
Bugzilla #1735761
Technical Compliance
Sectigo: CRL validity beyond CPS allowed value
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified a mismatch between their Certificate Revocation Lists (CRLs) and their Certificate Practice Statement (CPS) during a review prompted by external bug reports. Although their CRLs had a 'plus-second' behavior, they concluded it did not violate Baseline Requirements due to a 7-day limit. Following the review, they updated their CPS to align with their CRL practices. No certificate misissuance occurred as a result of this issue, and measures have been implemented to prevent future discrepancies.
Chronology
- Google Trust Services opens bug 1731164.
- Review concludes no BR violation; ticket opened for plus-second behavior.
- CPS updated to fix CRL mismatch.
Participants
Martijn Katerbarg
Tim Callan
B. Wilson
External References
Similar Local Cases
Sectigo: Late termination of privileged access to Certificate Systems
Sectigo: Lack of technical controls for multiparty control access to Secure Zone
Sectigo: Reseller ZeroSSL and Private Key Generation
Certainly: CRL Issuing Distribution Point Mismatch in CCADB
GDCA: CRL validity period exceeds allowed value by one second
Google Trust Services: CRL validity period set to expected value plus one second
Certainly: Root CRL validity period exceeds maximum by one second
Entrust: CRLs and OCSP responses not issued as specified in the CPS