DigiCert: Validation Scope Incident

DigiCert experienced a validation scope incident where certificates were improperly issued due to a flaw in a legacy feature called 'Certificates Plus'. This feature allowed for the addition of domains post-validation, leading to mis-issuance of certificates. Upon discovery, DigiCert promptly initiated an investigation, identified the root cause, and took corrective actions, including revoking affected certificates and disabling the faulty feature. The incident highlights the importance of rigorous validation processes and the need for continuous improvement in certificate issuance practices.

1. 2019-05-29 Support engineer noticed validation mismatch
2. 2019-05-30 Root cause identified and faulty logic disabled
3. 2019-06-04 390 certificates reissued/revalidated; 679 revoked
4. 2019-10-31 New domain validation system deployed