← Netlock cases
Bugzilla #1830823
Certificate Problem Report
NETLOCK: Pre-certificates revoked with certificateHold reason
RESOLVED
FIXED
Netlock
AI Summary
NETLOCK faced an issue where pre-certificates were revoked with the reason 'certificateHold', which is against the Baseline Requirements. This incident was reported after NETLOCK was notified by a customer about errors in certificate issuance. Although the revocation reason was promptly removed from their system, the incident report was delayed beyond the required two-week timeframe. NETLOCK has since updated their processes to prevent similar issues in the future.
Chronology
- Customer notified NETLOCK of certificate errors.
- Revocation reason 'certificateHold' was removed from the live site.
- New online interface released without the 'certificateHold' option.
- Final updates and training completed; ticket ready for closure.
Participants
Mathew Hodson
Tamás Horváth
Rob Stradling
Brett Wilson
External References
Similar Local Cases
NETLOCK: SSL certificates with OU field - revocation delay
NETLOCK: SSL certificates with OU field
NETLOCK: Invalid CT data in issued certs (SABRE.CT misconfiguration)
NETLOCK: CRL Error on CRL Watch of NETLOCK DVCA CRL
Let's Encrypt: Duplicate Serial Numbers
NETLOCK: Disclosed CRL is expired
CFCA: Certificate with wrong crlDistributionPoints
NetLock: Failure to revoke noncompliant ICA within 7 days