DigiCert: Invalid Characters in S/MIME Subject Fields

DigiCert experienced a misissuance of 21 S/MIME certificates due to a configuration error in their linting process, which allowed invalid characters in subject fields. The issue was identified through post-issuance checks, leading to the immediate revocation of the affected certificates. Remediation steps included fixing the linting configuration and enhancing logging and alerting mechanisms. DigiCert is committed to maintaining compliance and is in the process of deprecating the legacy system involved.

1. 2024-12-10 Issue reported via post-issuance linting
2. 2024-12-12 All affected certificates revoked
3. 2025-01-29 Incident report closure summary drafted
4. 2025-02-14 Bug ready to close