← GoDaddy cases
Bugzilla #1829024
Certificate Problem Report
GoDaddy: CRL Issuer Mismatch
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy reported a CRL issuer mismatch issue that was identified through CRL Watch. The problem was traced back to an unused intermediate certificate that had an incorrect issuer subject mismatch. GoDaddy promptly investigated the issue upon notification and updated the CRL in the CCADB to resolve the mismatch. No certificates were issued with the problem, and the CA has taken steps to prevent similar issues in the future by flagging the unused intermediate in the CCADB.
Chronology
- CRL Watch announced on CCADB google group
- Ben Wilson notified GoDaddy of issuer mismatch
- Updated CRL in CCADB to fix issue
- Posted Bugzilla report
Participants
daryn@godaddy.com
bwilson@mozilla.com
External References
Similar Local Cases
GoDaddy: Domain Validation Reuse Issue
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com
GoDaddy : CAA checks did not properly handle issuewild tag allowing FQDN SANs to be added to wildcard certs
GoDaddy: Failure to revoke key-compromised certificates within 24 hours
GoDaddy: Does not provide a method for domain owners to revoke their certificates
GoDaddy: CRL Disclosure in CCADB Mismatch with Issued Certificates
GoDaddy: Missing R1 Intermediate Full CRL URLs in CCADB