Bugzilla #1884714
Certificate Problem Report
D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access field
RESOLVED
FIXED
D-TRUST
AI Summary
After September 15, 2023, D-Trust issued TLS certificates containing an LDAP-URL in the Subscriber Certificate Authority Information Access field. Upon discovering this issue, D-Trust promptly adjusted its certificate profiles to eliminate LDAP entries in future products. As a precautionary measure, D-Trust decided on March 11, 2024, to revoke the affected certificates, and a total of 2,601 certificates were revoked on March 15, 2024. The incident highlighted misinterpretations of the Baseline Requirements and the need for improvements in certificate profile reviews and linter tools.
Chronology
- Entry into force of the provisions from Ballot SC62
- Email about a potential violation of the BRs
- Decision to revoke affected TLS certificates
- Revocation of all affected TLS certificates
Participants
Enrico Entschew
L. Sahin
Daniel McCarney
Chris Clements
Ryan Dickson
Rob Stradling
Similar Local Cases
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours
D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject
D-Trust: QCStatement with http link of PKI Disclosure Statements
D-Trust: TLS Precertificates Exceeding the Maximum Validity Period Allowed by the TLS Baseline Requirements
D-TRUST: incorrectly formatted businessCategory entry
D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName
D-TRUST: EV certificates with incorrectly used businessCategory entry