← SwissSign AG cases
Bugzilla #1861682
Delayed Revocation
SwissSign: EV delayed revocation
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported a delayed revocation of 40 EV certificates due to customer requests that extended beyond the mandated 5-day period. The decision was influenced by the nature of the mis-issuance, which was compliance-related and did not pose security risks. Affected customers included critical infrastructure entities, such as a hospital and a bank, which had emergency processes in place for certificate replacement. The revocation was ultimately completed by the specified deadlines, and the incident was documented as a violation of CA/B Baseline regulations.
Chronology
- Compliance incident raised leading to Bugzilla 1860750
- Decision taken by Compliance team for individual customer cases
- Revocation of 33 certificates completed
- Revocation of 3 certificates completed
- Revocation of 4 certificates completed, all affected certificates revoked
Participants
Roman Fischer
Chris Clements
B Wilson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
SwissSign: Delayed revocation related to Bugzilla 2033000
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction
Asseco DS / Certum: Delayed revocation of SHECA cross certificate
eMudhra emSign PKI Services: Delayed Revocation of SSL/TLS Certificates
D-TRUST: Delayed revocation of EV certificates
FIRMAPROFESIONAL: Delayed leaf revocation
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation
Entrust: Late Revocation for Invalid State/Province Issue