← IdenTrust Services, LLC cases
Bugzilla #1753287
Certificate Misissuance
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC identified non-compliance with the CA/B Forum's EV Guidelines, specifically regarding the public disclosure of vetting sources for EV certificates. An internal review revealed that 943 EV TLS certificates were issued without proper disclosure. The CA took immediate action to disable EV certificate issuance, publicly disclosed the vetting sources, and updated their policy documents. They are in the process of revoking the affected certificates, with a commitment to prevent future occurrences through enhanced internal reviews and compliance assessments.
Chronology
- Initial report of non-compliance received from internal review.
- Publicly disclosed vetting sources and updated policy documents.
- Concluded investigation of mis-issued certificates.
- Expected completion of revocation of all affected certificates.
Participants
IdenTrust
Ben Wilson
Ryan Sleevi
External References
Similar Local Cases
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
IdenTrust: Inconsistent Disclosure of Externally-Operated Intermediate
IdenTrust: Issuance of certificates greater than 398 days
IdenTrust: Issuance of Subordinate CA’s Without EKU
IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: Mis-Issued EV Certificates
IdenTrust: ICA with invalid CDP