← DigiCert cases
Bugzilla #1662346 · Certificate Problem Report
DigiCert: OCSP responder returning invalid responses
DigiCert · RESOLVED
AI Summary
DigiCert identified an issue where their OCSP responder incorrectly returned 'good' for revoked certificates due to a code bug introduced during a system migration. The problem was discovered during routine checks while shutting down the on-demand OCSP service. DigiCert took immediate action to investigate and rectify the issue, deploying a fix and ensuring that all affected certificates were handled appropriately. The incident highlighted the need for improved testing and quality control measures within their development processes.
Chronology
- Issue discovered during system changes
- Code fix deployed to correct OCSP responses
- Bug reported and case opened
- Scheduled for closure
Participants
Martin Sullivan
Jeremy Rowley
Ryan Sleevi
Ben Wilson
External References
Similar Local Cases
Digicert: SMIME certificate with unvalidated information
DigiCert: Incorrect OCSP Delegated Responder Certificate
DigiCert: Failure to revoke key-compromised certificates within 24 hours
DigiCert / InfoCert: Insufficient Serial Number Entropy
DigiCert: Certificate Issues Identified on the Mailing List
DigiCert: Issuance of Cert with Compromised Key
DigiCert: CAA Checking Issue
DigiCert: Random value in CNAME without underscore prefix