Bugzilla #1737057
Technical Compliance
Entrust: CRLs and OCSP responses not issued as specified in the CPS
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified an issue where Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses were issued with a validity period that exceeded the maximum specified in its Certification Practice Statement (CPS) by one second. The discrepancy was discovered through a review of Mozilla Incident Reports. Although no certificates were mis-issued, Entrust took corrective action by re-issuing the affected root CRLs and OCSP responses to ensure compliance. The issue was resolved, and Entrust plans to update its CPS based on forthcoming CA/Browser Forum requirements.
Chronology
- Google Trust Services files incident Bug 1731164
- Investigation into incidents initiated
- Full incident report posted
- Root CRLs and OCSP responses re-issued to comply with CPS
Participants
Bruce Morton
Ben Wilson
Similar Local Cases
Entrust: Non-BR-Compliant OCSP Responder
Let's Encrypt: Failure to audit log subscriber certificate OCSP updates
Turn off Secure Email Trust Bit for certSIGN ROOT CA G2 cert
Firmaprofesional: 2022 - Title field
E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance
Request to disable SMIME "trust bit" for GoDaddy CAs
Firmaprofesional: 2023 - Ensure Timestamp service Logs Integrity