← DigiCert cases
Bugzilla #1550645 · Certificate Problem Report
DigiCert: CAA Checking Issue
DigiCert · RESOLVED
AI Summary
DigiCert identified a significant issue where 1053 certificates were issued without proper CAA record checks due to a failure in their internal CAA checking service. This problem was discovered on April 29, 2019, and a fix was implemented the same day to prevent further issuance under similar conditions. The CA has since revoked the affected certificates and is enhancing their processes to ensure compliance with CAA requirements.
Chronology
- Issue discovered during testing.
- Fix applied to prevent issuance without CAA checks.
- Report generated indicating 1053 affected certificates.
- Training scheduled for compliance with CAA requirements.
- Redundant checks for CAA implemented.
Participants
Brenda Bernal
Jeremy Rowley
Wayne Thayer
Ryan Sleevi
External References
Similar Local Cases
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension
DigiCert: Incorrect RegNumber-Org Type combination
DigiCert: Verizon: "Default City" in Subject:localityName
DigiCert: Underscores - Citi
DigiCert: Issuance of Cert with Compromised Key
DigiCert: Underscores - Ericsson
DigiCert / ABB: Issues with DN, country code and keyUsage
DigiCert: Failure to revoke key-compromised certificate