Bugzilla #1624527
Certificate Problem Report
DigiCert: Issuance of Cert with Compromised Key
RESOLVED
DigiCert
AI Summary
DigiCert reported the issuance of certificates with a compromised key due to a bug in their validation process. The issue was discovered during an escape analysis after a SEV1 incident, leading to the mis-issuance of 123 OV and 36 EV certificates. DigiCert took immediate action to revoke the affected certificates and implemented a blacklist system to prevent future occurrences. The case has been resolved with the implementation of new processes to enhance certificate issuance security.
Chronology
- SEV1 outage reported for storefront.
- Problem discovered during escape analysis.
- All impacted certificates revoked.
- Key blocklist tool went live.
Participants
Jeremy Rowley
Wayne Thayer
Ryan Sleevi
Similar Local Cases
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension
DigiCert: CAA Checking Issue
DigiCert: Failure to revoke key-compromised certificate
DigiCert: JOI Issue
DigiCert: OCSP responder returning invalid responses
DigiCert: Failure to revoke key-compromised certificates within 24 hours
DigiCert: & character in a printableString in ICA
DigiCert / InfoCert: Insufficient Serial Number Entropy