← Entrust cases
Bugzilla #1804753
Delayed Revocation
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction
RESOLVED
FIXED
Entrust
AI Summary
Entrust faced challenges with the delayed revocation of EV TLS certificates that were issued with incorrect jurisdiction information. The incident was discovered in November 2022, and revocation was complicated by subscriber feedback requesting extensions due to end-of-year blackout periods. Ultimately, all affected certificates were revoked by March 2023. Entrust has since implemented measures to prevent similar issues in the future, including enhanced pre- and post-issuance checks.
Chronology
- Subscribers were informed of the incident and planned revocation.
- Experian certificates were revoked.
- First Abu Dhabi Bank PJSC certificates were revoked.
- Fidelity Investments certificate revocation was completed.
- Incident scheduled for closure.
Participants
Bruce Morton
Martijn Katerbarg
Chris Clements
B. Wilson
External References
Similar Local Cases
Entrust: Late Revocation due to SHA-256 hash algorithm
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
NetLock: Delayed revocation report connected to ticket 1680378
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
Entrust: Late Revocation for Invalid State/Province Issue
SwissSign: EV delayed revocation
Hongkong Post: Delayed revocation of TLS certificates with basicConstraints not marked as critical