Actalis: revocation delay for certificates issued with invalid RDN Order

Actalis experienced a delay in revoking 263 mis-issued EV certificates due to internal process inefficiencies. After confirming the mis-issuance on March 11, 2024, the revocation was completed by March 15, 2024, but not within the required timeframe as outlined in the Baseline Requirements. The incident prompted a review of their incident management processes, resulting in successful implementation of action items aimed at preventing future occurrences.

1. 2024-03-04 Received email reporting potential issue with EV certificate
2. 2024-03-11 Confirmed mis-issuance and decided to revoke affected certificates
3. 2024-03-15 All affected certificates revoked
4. 2024-05-01 Deadline for action items completion