Bugzilla #1872738
Delayed Revocation
Buypass: Delayed revocation of TLS certificates
Status: RESOLVED FIXED
Buypass
AI Summary
Buypass faced a significant incident involving the delayed revocation of approximately 177,000 TLS certificates, which should have been revoked within 24 hours of identification. The delay was attributed to concerns about subscriber readiness during the holiday season and the need for system adjustments to handle high volumes of certificate renewals. Despite the challenges, Buypass has since completed the revocation process and implemented measures to ensure compliance with revocation requirements moving forward.
Chronology
- Buypass became aware of the issue with external DNS resolvers.
- Initial incident report submitted.
- Full incident report provided, detailing the revocation timeline.
- All affected certificates have been revoked.
- Closure summary submitted, detailing actions taken.
Participants
Mads Henriksveen
Paul
Tim Callan
Ben Wilson
Similar Local Cases
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
Hongkong Post: Delayed revocation of TLS certificates with Certificate Policies extension problem
Buypass: TLS certificates not revoked within 5 days
Microsec: Delayed revocation of the misissued certificates
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
Hongkong Post: Delayed revocation of TLS certificates with basicConstraints not marked as critical
Digicert: Delayed Revocation for bug 1894560
eMudhra emSign PKI Services: Delayed Revocation of SSL/TLS Certificates