← Entrust cases
Bugzilla #1867130
Certificate Misissuance
Entrust: Jurisdiction Locality Wrong in EV Certificate
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified a misissuance of two EV TLD certificates and one EV Code Signing certificate due to a manual error where a postal code was incorrectly entered in the Jurisdiction locality field instead of a city name. This issue was discovered during a routine annual re-verification on November 17, 2023. Following the identification of the error, the certificates were revoked by November 26, 2023. Entrust has since implemented action items to prevent similar occurrences, including updating 340 accounts and enhancing their verification software.
Chronology
- Issue identified during annual re-verification.
- Investigation completed.
- All affected certificates were revoked.
- Software update released to improve visibility of changes.
Participants
Bruce Morton
Mathew Hodson
External References
Similar Local Cases
Entrust: S/MIME OrgID Country not matching C field
Entrust: Question marks in certificate O and L fields
Entrust: Subscriber provides private key with CSR
Entrust: S/MIME certificates lacking OU verification
Entrust: S/MIME mailbox address not in subjectAltName
Entrust: Certificate issued with validity greater than 825-days
Entrust: CPS typographical (text placement) error
Entrust: Issued Certificates to incorrect Organization