← Entrust cases
Bugzilla #1886532
Delayed Revocation
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
RESOLVED
FIXED
Entrust
AI Summary
Entrust faced a significant incident involving the delayed revocation of EV TLS certificates due to missing cPSuri. The revocation process was complicated by the need to coordinate with multiple teams and external companies, leading to extended timelines for certificate replacement. Entrust acknowledged that the delays were not in line with the expected standards and committed to improving their processes to ensure compliance with the Baseline Requirements in the future. The incident has raised concerns about the handling of critical infrastructure certificates and the necessity for stricter adherence to revocation timelines.
Chronology
- Publication of the original preliminary incident report.
- Initial briefing support teams and stopping the issuance of mis-issued certificates.
- Requested impacted customers to replace their certificates.
- All affected certificates were revoked.
Participants
paul.vanbrouwershaven@entrust.com
bwilson@mozilla.com
jrmoir@protonmail.com
rdaurne77@gmail.com
tim.callan@sectigo.com
martijn.katerbarg@sectigo.com
Zacharias.bjorngren@gmail.com
External References
Similar Local Cases
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
NETLOCK: Bug 1891331 replacement - delayed revocation -
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
Entrust: Late Revocation due to SHA-256 hash algorithm
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU
Entrust: Late Revocation for Invalid State/Province Issue
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction