Bugzilla #1815874
Certificate Problem Report
Google Trust Services: incorrect SCT in certificate
RESOLVED
FIXED
Google Trust Services LLC
AI Summary
Google Trust Services (GTS) issued a certificate containing incorrect Signed Certificate Timestamps (SCTs), which violated Mozilla's Root Store Policy. The issue was identified when a user reported that the SCTs embedded in the certificate did not match the corresponding precertificate. GTS confirmed the presence of invalid SCTs and ceased issuance of affected SignedHTTPExchange (SXG) certificates. Following an investigation, GTS identified a coding error that led to the misissuance and has since implemented fixes and additional checks to prevent recurrence.
Chronology
- Bug opened regarding incorrect SCTs in certificate
- GTS ceases issuance of SXG certificates
- Revocation of affected certificates begins
- GTS submits detailed incident report
- Bug resolved
Participants
Andrew Ayer
James Longmore
A Warner
J Kasten
Ryan Dickson
B Wilson
Similar Local Cases
Google Trust Services: Certificates not disclosed in CCADB
Google Trust Services: invalid CRL reason code
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold”
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate
NETLOCK: Disclosed CRL is expired
Actalis: two CAs with the same CRLDP