Bugzilla #1889217
Certificate Problem Report
Entrust: CRL non-conformance with the TLS BRs
RESOLVED
FIXED
Entrust
AI Summary
Entrust faced an issue with two of its Certificate Revocation Lists (CRLs) that were found to be non-compliant with the TLS Baseline Requirements (BRs) and RFC 5280. The CRLs incorrectly included a revoked certificates field without any revoked certificates listed, violating the requirement that this field must be absent when there are no revoked certificates. The problem was traced back to a bug in Entrust's CRL generation software, which has since been updated to ensure compliance. An incident report detailing the issue and corrective actions has been prepared and shared.
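A conformance check for the condition described in the summary, as an added example that is not Entrust's code or part of the bug report: it walks a DER-encoded CRL following the RFC 5280 TBSCertList layout and reports whether the revoked certificates field is absent, present but empty, or populated. The function names and the sample CRLs (issuer "Example CA", dummy signature) are constructed for illustration, and the check is structural only.

```python
# Added example; the sample CRLs are constructed and carry a dummy signature.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's content into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def revoked_certificates_state(crl_der):
    """Return 'absent', 'empty' (the non-conformant case) or 'populated'."""
    tag, cert_list, _ = read_tlv(crl_der)
    if tag != 0x30:
        raise ValueError("not a DER CertificateList")
    items = children(children(cert_list)[0][1])  # fields of tbsCertList
    i = 1 if items[0][0] == 0x02 else 0  # optional version INTEGER
    i += 2  # signature AlgorithmIdentifier, issuer Name
    while i < len(items) and items[i][0] in (0x17, 0x18):
        i += 1  # thisUpdate and optional nextUpdate (UTCTime/GeneralizedTime)
    if i < len(items) and items[i][0] == 0x30:  # revokedCertificates present
        return "populated" if items[i][1] else "empty"
    return "absent"  # anything left is the [0] crlExtensions wrapper

def der(tag, *parts):
    """Encode one DER element (only used to build the constructed samples)."""
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 0x80 else b"\x81" + bytes([len(body)])
    return bytes([tag]) + size + body

def sample_crl(revoked):
    """Constructed CRL; revoked is None (field omitted) or a list of serials."""
    t = der(0x17, b"240401000000Z")
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05))
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, b"Example CA"))))
    entries = [] if revoked is None else [der(0x30, *(der(0x30, der(0x02, bytes([s])), t) for s in revoked))]
    exts = der(0xA0, der(0x30, der(0x30, der(0x06, b"\x55\x1d\x14"), der(0x04, der(0x02, b"\x01")))))
    tbs = der(0x30, der(0x02, b"\x01"), alg, name, t, t, *entries, exts)
    return der(0x30, tbs, alg, der(0x03, b"\x00\x00"))
```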
Chronology
- Bug reported regarding CRL non-compliance.
- Entrust confirmed the issue was due to a bug in CRL generation software.
- Incident report detailing the issue and corrective actions was created.
- Entrust confirmed all actions were complete and monitoring would continue.
Participants
Ryan Dickson
Bruce Morton
Similar Local Cases
Entrust: clientAuth TLS Certificates without serverAuth EKU
Entrust: EV Certificate missing Issuer’s EV Policy OID
Entrust: Failure to revoke EV TLS certificates issued before CPS update
Entrust: CRL missing revocation reasonCode
Entrust: Failure to revoke a certificate
Entrust: Incorrect keyUsage for ECC certificate
Entrust: SSL Certificates issued with Un-verified IP Addresses
Entrust: Test Website Certificates Expired