← DigiCert cases
Bugzilla #1936908 · Certificate Problem Report
DigiCert: Encoded HTML entities in attribute values
DigiCert · RESOLVED
AI Summary
DigiCert reported an incident involving six certificates that were issued with HTML-encoded attribute values due to an outdated version of their internal linting tool, pkilint. The issue was detected during post-issuance scans, leading to the revocation of the misissued certificates within the mandated timeframe. DigiCert has since updated their pkilint tool and implemented new procedures to prevent similar issues in the future, including automated alerts for linting updates.
Chronology
- PKILint (v0.12.0) released, includes update for this failure mode
- Trust Assurance finds 6 misissued certificates in post-issuance scans
- All certs revoked
- Action items completed
Participants
Tim Hollebeek
DigiCert Team
Rob from Sectigo
Ben Wilson
Mike Shaver
External References
Similar Local Cases
DigiCert: Late incident report for bug 1925106
DigiCert: Some CRLs were not updated for a few days
DigiCert: Typo in TLS Org Name
DigiCert: Incorrect OrgID in S/MIME certificates for one customer
DigiCert: Random value in CNAME without underscore prefix
DigiCert: Incorrect CP listed in CCADB
DigiCert / InfoCert: Insufficient Serial Number Entropy
DigiCert: 4 CRLs unavailable or not responding