← Entrust cases
Bugzilla #1887753
Policy Compliance
Entrust: Delay in Updating CPS
RESOLVED
FIXED
Entrust
AI Summary
Entrust experienced a delay in updating its Certificate Policy Statement (CPS) which led to the issuance of EV TLS certificates without the appropriate policy identifier. This issue arose from a misunderstanding of the CA/Browser Forum's requirements and resulted in a temporary removal of the Entrust EV TLS CP OID from certificates. Although the certificates were compliant with TLS Baseline Requirements, they were not in accordance with the Entrust CPS, leading to some browsers not recognizing them as EV certificates. The situation was resolved with a complete CPS update on March 22, 2024, and no security risk was identified for relying parties or subscribers.
Chronology
- Entrust EV TLS CP OID removed from EV TLS certificates.
- Entrust EV TLS CP OID added back to EV TLS certificates.
- Incomplete CPS update posted.
- Complete CPS update posted.
Participants
Bruce Morton
Rob Stradling
Ryan Dickson
External References
Similar Local Cases
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5
Entrust: Cross-certified CA CP/CPS not updated in CCADB
Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits
Entrust: Improperly Verified Business Category
Entrust: Non-BR-Compliant Certificate Issuance
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key
Firmaprofesional: 2023 - documentary inconsistency