Bugzilla #1823723
Policy Compliance
Sectigo: Incomplete Subscriber Agreement provisions
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified an issue during an annual WebTrust Audit where customers could order certificates without being presented with the Sectigo Certificate Subscriber Agreement. This was due to a bug in a third-party e-commerce system, WHMCS, which failed to present the agreement in certain purchase paths. The issue has been remediated by updating the Terms of Use to include acceptance of the Subscriber Agreement. A comprehensive compliance review confirmed no further cases of the problem.
Chronology
- Demo of the order and issuance process conducted with auditor.
- Auditor inquires about the Subscriber Agreement presentation.
- WIR team informed of the auditor's finding.
- WIR team confirms the issue and discusses findings.
- Legal team added to ongoing discussions.
- Changes deployed to website to resolve the issue.
- Compliance review concluded with no further issues.
- Case closed as resolved.
Participants
Martijn Katerbarg
Ben Wilson
External References
Similar Local Cases
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Sectigo: Missing Changelog in CPS
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)
Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours
Lawtrust: The S/MIME CA’s policy identifiers did not align with the CA/Browser Forum Requirements.
NETLOCK: CPS 1.5.2. problem and contact information update
TWCA: Policy OID not set to indicate the assurance level to the issued certs