← Buypass cases
Bugzilla #1865368
Delayed Revocation
Buypass: TLS certificates not revoked within 5 days
RESOLVED
FIXED
Buypass
AI Summary
Buypass faced challenges in revoking 591 TLS certificates that were issued with an incorrect Subject attribute order. Although they aimed to revoke all affected certificates within 5 days, only 38 were revoked on time, with the remaining 553 requiring additional time due to the complexity of the manual replacement process for Subscribers. The final certificate was revoked on January 15, 2024, after extensive communication with affected Subscribers. Buypass has acknowledged the violation of BR requirements and committed to improving their processes to prevent future delays.
Chronology
- Original error identified
- Notification to affected Subscribers completed
- 38 certificates revoked within 5 days
- Last certificate revoked
Participants
Mads Henriksveen
Amir Aamidi
External References
Similar Local Cases
Buypass: Delayed revocation of TLS certificates
Hongkong Post: Delayed revocation of TLS certificates with Certificate Policies extension problem
CFCA: Delayed revocation of TLS certificates(basicConstraints extension not marked as critical)
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation
KIR S.A.: Delayed revocations of certificates
Entrust: Late Revocation due to SHA-256 hash algorithm
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
Camerfirma: Delayed revocations related to certificates without CABForum OV Reserved Policy Identifier