← IdenTrust Services, LLC cases
Bugzilla #1876871
Certificate Misissuance
IdenTrust: test certificates inadvertently published in production environment
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust reported that test S/MIME and TLS certificates were mistakenly issued in the production environment instead of the test environment, violating CA/B Forum requirements. Although the certificates were revoked within minutes of issuance, the incident highlighted issues with QA access to production systems and insufficient training. IdenTrust has since taken steps to prevent future occurrences, including revoking QA access and retraining staff. The overall impact on trustworthiness is considered minimal due to the swift revocation.
Chronology
- IdenTrust confirmed inadvertent publication of test certificates.
- IdenTrust disclosed the incident to CCADB.
- IdenTrust completed analysis of the certificate database.
- IdenTrust confirmed no further remediation actions pending.
Participants
IdenTrust
Mozilla
External References
Similar Local Cases
IdenTrust: Issuance of Subordinate CA’s Without EKU
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: Approval of TLS certificate renewal without domain validation
IdenTrust: Mis-Issued EV Certificates
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Delay beyond 5 days in revoking misissued certificates
IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust: CT Logging Mistakes