← DigiCert cases
Bugzilla #1650910 · Policy Compliance
DigiCert: Inconsistent EV audits
DigiCert · RESOLVED
AI Summary
DigiCert reported an incident regarding inconsistent audits for Extended Validation (EV) certificates. The issue was identified through a community discussion and led to an internal investigation. DigiCert confirmed that several Intermediate Certificate Authorities (ICAs) capable of issuing EV certificates were not included in the required EV audit scope. As a result, DigiCert has committed to halting EV issuance for affected ICAs and is implementing measures to ensure compliance with audit requirements moving forward.
Chronology
- Incident reported by DigiCert
- Internal investigation initiated
- Revocation of affected certificates commenced
- Audit year closed with EV-capable CAs included
Participants
Brenda Bernal
Ryan Sleevi
Jeremy Rowley
Wayne Thayer
External References
Similar Local Cases
DigiCert: Verizon CPS lacks CPR problem reporting instructions
DigiCert: Late background refreshment check
Verify GlobalSign's continued conformance to EV guidelines
DigiCert: CAA Checking Issue
DigiCert / ABB: Issues with DN, country code and keyUsage
Distrust ISRG Subordinate Certificate and Remove It Until the CA is Compliant with Mozilla Policies
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate
DigiCert: Issuance of Cert with Compromised Key