Bugzilla #1838334 · Certificate Problem Report
DigiCert: Sub CA with EV OIDs without audit report
DigiCert · RESOLVED
AI Summary
DigiCert identified a compliance issue with eight TLS Issuing subCAs that contained EV policy OIDs but lacked a valid EV audit. Upon discovering this, DigiCert promptly revoked the affected subCAs to prevent any potential misissuance of EV certificates. The incident was thoroughly documented, and corrective measures were implemented to ensure compliance moving forward.
Chronology
- DigiCert signed eight ICAs for external hosting by Microsoft.
- The eight mis-issued ICAs were revoked.
- DigiCert revised the ICA template to exclude the EV OID.
Participants
Martin Sullivan
B Wilson
Similar Local Cases
DigiCert: Inconsistent validation information
DigiCert: TLS certificates with incorrect policy OID
Digicert: SMIME certs missing State in Org ID
DigiCert: Certificates issued inconsistent with S/MIME BR v1.0.1
DigiCert: 4 CRLs unavailable or not responding
DigiCert: Org information issue in new validation workflow
DigiCert: Private Keys Disclosed by Customers as Part of CSR
DigiCert: OCSP responder returning invalid responses