← IdenTrust Services, LLC cases
Bugzilla #1861783
Certificate Problem Report
IdenTrust: S/MIME Certificates issued without CAB Forum OID
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust identified that 1135 S/MIME certificates issued to four Enterprise customers were missing the expected CA/B Forum OID after the deadline of August 31, 2023. This issue arose because the API access to the publicly trusted Intermediate Certificate Authority (ICA) was not disabled for these customers, leading to the issuance of non-compliant certificates. The affected certificates were revoked within five days of discovery, although the timeline for revocation caused dissatisfaction among some customers. No further actions are required to resolve this issue.
Chronology
- Internal review found 1135 certificates missing OID
- Disabled API access for affected customers
- Notified customers of revocation requirement
- Confirmed all affected certificates have been revoked
Participants
IdenTrust
External References
Similar Local Cases
IdenTrust: Test Certificates from cross-signed roots not disclosed in CT Logs
IdenTrust: Invalid OrganizationIdentifier in S/MIME certificates
IdenTrust: Temporarily Expired CRLs
IdenTrust: OCSP Signer Certificate Missing No-Check Extension
IdenTrust: Delay Revocation for EV SSL Certificates
IdenTrust: CRL Potential Publication Delay due to Cache
IdenTrust: Missing Revocation Reasons in CRL
IdenTrust: Unauthorized OCSP responses for cross-signed roots