← Certainly LLC cases
Bugzilla #1819422
Technical Compliance
Certainly: CRL Issuing Distribution Point Mismatch in CCADB
RESOLVED
FIXED
Certainly LLC
AI Summary
Certainly LLC identified a mismatch between their CCADB entries for the 'JSON Array of Partitioned CRLs' and the URLs in the Issuing Distribution Point (IDP) extension of their end-entity CRLs. This issue was first noted on February 20, 2023, through the CRL Watch website. The CA took immediate action to correct the URLs in CCADB to comply with Mozilla's Root Store Policy. All remediation steps have been completed, and the situation is being monitored to prevent future occurrences.
Chronology
- Certainly becomes aware of CRL IDP mismatch via CRL Watch.
- Incident report published.
- Bug resolved and closed.
Participants
Wayne Thayer
Andrew Ayer
Ryan Dickson
B. Wilson
External References
Similar Local Cases
Certainly: Root CRL validity period exceeds maximum by one second
D-TRUST: CRL not DER-encoded
Sectigo: CRL validity beyond CPS allowed value
GoDaddy: inconsistent CP/CPS disclosure
GlobalSign: CRL contains invalid signature algorithm
Entrust: Non-BR-Compliant OCSP Responder
DocuSign/Keynectis: Non-Compliant Technically Constrained Intermediates
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance