← GlobalSign nv-sa cases
Bugzilla #1845803
Certificate Problem Report
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold”
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign acknowledged an issue involving three revoked precertificates that were incorrectly marked with the reason code 'certificateHold', violating Baseline Requirements. The problem was identified during routine monitoring by the Chrome Root Program. GlobalSign initiated an investigation and confirmed that the issue stemmed from their EJBCA software. They have since implemented changes to their internal processes to prevent similar occurrences in the future.
Chronology
- Bug reported regarding revoked precertificates
- GlobalSign provided a detailed incident report
- EJBCA production cluster nodes upgraded
- CRL profile-based compliance monitoring completed
Participants
Ryan Dickson
Christophe Bonjean
Matthias
Eva Vansteenberge
B Wilson
External References
Similar Local Cases
GlobalSign: OCSP responder certificates with more than 64 characters in CN
GlobalSign: EV certificates with serialNumber Government Entity and businessCategory Private Organization
GlobalSign: EV TLS certificate with only metadata in JOI State field
GlobalSign: Invalid countryName
GlobalSign: CRLs reported in CCADB unavailable
GlobalSign: Organization-validated SMIME certificate with invalid organizationIdentifier for European country
GlobalSign: Invalid stateOrProvinceName value
GlobalSign: Invalid stateOrProvinceName and locality pair