← D-TRUST cases
Bugzilla #1793440
Technical Compliance
D-TRUST: CRL not DER-encoded
RESOLVED
FIXED
D-TRUST
AI Summary
D-TRUST issued a certificate with a CRL distribution point that returned a PEM-encoded CRL, violating RFC5280. The issue was reported on October 3, 2022, and D-TRUST acknowledged the problem, detailing their investigation and corrective actions. They identified a configuration error in their publication script that led to the incorrect encoding. The issue was resolved by changing the script to prevent future occurrences. The case is now considered closed as all necessary actions have been taken.
Chronology
- Bug reported regarding CRL encoding issue.
- D-TRUST confirmed receipt and began investigation.
- Preliminary incident report submitted.
- Final report submitted; no additional findings.
- Incident considered resolved.
Participants
Andrew Ayer
Enrico Entschew
External References
Similar Local Cases
Amazon Trust Services: CRL not DER-encoded
GlobalSign: CRL contains invalid signature algorithm
Certainly: CRL Issuing Distribution Point Mismatch in CCADB
GoDaddy: inconsistent CP/CPS disclosure
Google Trust Services: OCSP responses not published in a timely manner
Sectigo: Late termination of privileged access to Certificate Systems
Microsoft PKI Services: 3-Month Access Review Process Failure
GDCA: CRL validity period exceeds allowed value by one second