← IdenTrust Services, LLC cases
Bugzilla #1744627
Certificate Misissuance
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust identified a misissuance of an OV SSL certificate on December 1, 2021, where the organization's account information had not been verified within the required timeframe of 398 days. The issue was discovered during routine verification activities, leading to the revocation of the certificate within 24 hours. IdenTrust has since implemented technical controls to prevent future occurrences, including an automated validation process to ensure compliance with document vetting timelines. The resolution was confirmed on January 20, 2022, with the new controls in place.
Chronology
- OV TLS certificate issued with outdated vetting
- Certificate revoked upon discovery of misissuance
- Automated validation controls deployed to prevent recurrence
Participants
IdenTrust
Ryan Sleevi
Ben Wilson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed
IdenTrust: Inconsistent Disclosure of Externally-Operated Intermediate
IdenTrust: Issuance of certificates greater than 398 days
IdenTrust: Approval of TLS certificate renewal without domain validation
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Mis-Issued EV Certificates
IdenTrust: Invalid special characters in S/MIME Certificates
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing