← IdenTrust Services, LLC cases
Bugzilla #1736706
Certificate Problem Report
IdenTrust: Failure to Revoke Subscriber Certificates Within 5 days
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust faced issues with revoking mis-issued subscriber certificates within the required 5-day timeframe. The CA determined that revoking these certificates promptly would significantly disrupt customer services, leading to a decision to extend the revocation period to 30 days. This decision was made after a risk management review, which concluded that the certificates posed a low security risk. The CA has since updated its processes to ensure compliance with revocation timelines and has completed necessary updates to subscriber agreements.
Chronology
- IdenTrust became aware of the problem while formulating a remediation plan.
- IdenTrust was reminded that revocation beyond 5 days requires a separate incident report.
- Updated subscriber agreements for TLS certificates were put in place.
Participants
IdenTrust
Mozilla
External References
Similar Local Cases
IdenTrust: TLS ICA with User Notice in Policy Qualifier
IdenTrust: TLS self audit testing below 3%
IdenTrust: CRL Potential Publication Delay due to Cache
IdenTrust: Expired CRLs
IdenTrust: Failure to provide OCSP responses for valid ICA certificates
IdenTrust: Pre-certificates without a final certificate showing OCSP error
IdenTrust: Expired ICAs CRLs
IdenTrust: Certificate with missing details flagged by OCSP Watch