← IdenTrust Services, LLC cases
Bugzilla #1792111
Certificate Problem Report
IdenTrust: Expired CRLs
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC reported an incident involving expired Certificate Revocation Lists (CRLs) for the 'IdenTrust Commercial Root CA 1'. The expired CRL led to approximately 137,000 downloads during a 90-minute window, violating CA/B Forum Baseline Requirements. The issue arose due to a failure in the notification process of an impending expiration, attributed to a misconfiguration in the mail system. The CA has since corrected the configuration and updated their monitoring system to prevent future occurrences.
Chronology
- New CRL created to replace upcoming expiration
- CRL expired and alert received
- Expired CRL replaced
- Configuration issue resolved
Participants
IdenTrust
Google
External References
Similar Local Cases
IdenTrust: TLS self audit testing below 3%
IdenTrust: Expired CRLs
IdenTrust: Failure to provide OCSP responses for valid ICA certificates
IdenTrust: CRL Potential Publication Delay due to Cache
IdenTrust: Discrepancy in values of address fields within CN of SSL Certificates
IdenTrust: Unavailable CRL for IdenTrust ‘DST Root CA X3’.
IdenTrust: Unauthorized OCSP responses for cross-signed roots
IdenTrust: Expired ICAs CRLs