← Microsec Ltd. cases
Bugzilla #1887110
Delayed Revocation
Microsec: Delayed revocation of the misissued certificates
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. faced a situation where they misissued 46 EV certificates lacking a CPSuri link. While 44 of these certificates were revoked within the mandated 5-day period, two certificates used in a PSD2 network could not be replaced in time due to the complexity of the network and the number of partners involved. This led to a request for an extension of the revocation deadline, which was granted under exceptional circumstances. Microsec has since committed to improving their Certificate Policy Statement (CPS) to prevent similar issues in the future and has established a new dedicated CA hierarchy for issuing PSD2 client authentication certificates.
Chronology
- Microsec received a report of a potentially misissued certificate.
- A second report was received, prompting immediate action.
- 44 misissued certificates were revoked.
- The last two misissued certificates were revoked after an extension.
- Closure summary provided, detailing improvements and commitments.
Participants
dr. Sándor SZŐKE
Mike Shaver
Tim Callan
Dimitris Zacharopoulos
Ben Wilson
External References
Similar Local Cases
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
Hongkong Post: Delayed revocation of TLS certificates with basicConstraints not marked as critical
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days
Buypass: Delayed revocation of TLS certificates
Hongkong Post: Delayed revocation of TLS certificates with Certificate Policies extension problem
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation