← Actalis cases
Bugzilla #1824319
Certificate Problem Report
Actalis: pre-certificates with “certificateHold” as the revocation reason
RESOLVED
FIXED
Actalis
AI Summary
Actalis reported an incident involving eight pre-certificates that were revoked with the reason 'certificateHold'. The issue stemmed from a bug in the EJBCA software, which incorrectly applied the revocation reason. Actalis has since resolved the bug and implemented corrective measures, including an update to the EJBCA software and automation to verify compliance of their CRLs and OCSP responses. A full incident report has been published detailing the timeline and actions taken in response to the incident.
Chronology
- Received report of revoked pre-certificates
- Deployed update to EJBCA software to fix the issue
- Published full incident report
Participants
Adriano Santoni
Mathew Hodson
Dimitris Zacharopoulos
External References
Similar Local Cases
Actalis: inaccurate value in stateOrProvinceName
Actalis: Certificates issued with validity period greater than 398 days
Actalis: incorrect CP/S Last Update date in CCADB
Actalis: Non BR Compliant OCSP Responder
Actalis: CRL with duplicate serial number in revokedCertificates
Entrust: clientAuth TLS Certificates without serverAuth EKU
Actalis: CRL distribution point with ldap scheme
Actalis: Issusing 1024 bit certificates