← Entrust cases
Bugzilla #1885754
Certificate Problem Report
Entrust: CPR was not responded to in 24 hours
RESOLVED
FIXED
Entrust
AI Summary
Entrust faced an issue where a Certificate Problem Report (CPR) was not acknowledged within the required 24-hour timeframe. The CPR was submitted regarding a mis-issued certificate, but the initial response from Entrust was delayed, leading to concerns about compliance with the Baseline Requirements. After the report was filed, Entrust confirmed receipt and acknowledged the issue, stating they would improve their CPR handling processes. The incident highlighted the need for better automation and training for their support staff to ensure timely responses in the future.
Chronology
- CPR submitted to Entrust regarding mis-issued certificate.
- Bugzilla case opened due to lack of response.
- Entrust acknowledged the CPR.
- Incident report prepared by Entrust.
- Entrust launched a new problem reporting page.
- Request to close the bug.
Participants
amir@aaomidi.com
paul.vanbrouwershaven@entrust.com
rob@sectigo.com
bruce.morton@entrust.com
rdaurne77@gmail.com
ngook.kong@entrust.com
bwilson@mozilla.com
External References
Similar Local Cases
Entrust: Delayed reporting of Jurisdiction issue in some EV TLS & Code Signing certificates
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
SECOM: Difference in upper and lower case between CN field and SAN
Microsoft PKI Services: Failure to Update Full Incident Report within 14 days of discovering new root cause
ACCV: Delayed response to CPR
Entrust: Failure to provide a preliminary report within 24 hours.
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints