← DigiCert cases
Bugzilla #1794050 · Certificate Problem Report
DigiCert: Org information issue in new validation workflow
DigiCert · RESOLVED
AI Summary
DigiCert identified an issue in their new validation workflow that led to the misissuance of certificates containing unverified DBA information. The problem was detected on September 29, 2022, prompting an investigation that revealed a UI issue allowing validation staff to select incorrect information. The CA took corrective actions, including revocation of impacted certificates and updates to their validation processes. The case was resolved with the implementation of additional safeguards to prevent future occurrences.
Chronology
- DigiCert validation team detected an anomaly in an issued certificate.
- Compliance performed a final sweep to confirm impacted certificates.
- DigiCert lodged the bug report and initiated revocation of impacted certificates.
Participants
Jeremy Rowley
B Wilson
Rob from Sectigo
External References
Similar Local Cases
DigiCert: Inconsistent validation information
DigiCert: Private Keys Disclosed by Customers as Part of CSR
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate
DigiCert: JOI Issue
DigiCert: Key Size Not Divisible By 8
DigiCert: Issuance of Cert with Compromised Key
DigiCert: Issuance of certs with weak keys (ROCA)
DigiCert: delayed publication of revocation information