← DigiCert cases
Bugzilla #1896462 · Certificate Problem Report
Digicert: Preview certificate uploaded to CCADB instead of the actual certificate
DigiCert · RESOLVED
AI Summary
DigiCert encountered an issue where a preview certificate was mistakenly uploaded to the Common CA Database (CCADB) instead of the actual publicly trusted certificate. This error occurred during the testing of a new tool, PrimaRoot, which automatically uploads certificates. The mistake was identified after a notification from Sectigo, leading to the revocation of the incorrect certificate. DigiCert has since implemented signature checking to prevent similar issues in the future.
Chronology
- Primaroot deployed
- Preview ICA created
- Publicly-trusted ICA signed
- Preview cert uploaded to CCADB
- Correct certificate uploaded and revoked
Participants
Jeremy Rowley
Rob Stradling
Ben Wilson
External References
Similar Local Cases
DigiCert / InfoCert: Insufficient Serial Number Entropy
DigiCert: Failure to find and revoke key-compromised certificates within 24 hours
DigiCert: Truncation of Registration Number
DigiCert: Incorrect CP listed in CCADB
Digicert: Government Entity listed instead of registration number
Digicert: SMIME certificate with unvalidated information
DigiCert: Random value in CNAME without underscore prefix
DigiCert: Failure to revoke key-compromised certificates within 24 hours