← Sectigo cases
Bugzilla #1891039
Certificate Problem Report
Sectigo: Premature disabling of CRL generation for an inactive CA
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo reported a compliance incident due to the premature disabling of CRL generation for an expired S/MIME Root CA. This action affected two unexpired cross-certificates issued by a currently trusted root. To resolve the issue, Sectigo planned to revoke the affected cross-certificates. The incident was addressed promptly, with necessary actions taken to update their policy regarding CRL and OCSP services when shutting down a CA.
Chronology
- Incident reported regarding CRL generation for expired CA.
- Revocation of affected cross-certificates planned.
- Request to mark the bug as resolved.
- Confirmation that action items were completed.
Participants
Martijn Katerbarg
Ben Wilson
Wayne Daurne
External References
Similar Local Cases
Sectigo: Non-existent hostname in CDP and AIA URLs
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value
Sectigo: HTML encoded characters in subject attribute values
Sectigo: S/MIME certificates with (null) string value in subject attributes
Sectigo: Failure to revoke ECC certificates with non-DER encoded keyUsage within 5 days
Sectigo: Late revocation for incomplete Subject organizationName
Sectigo: Missing character in subject:organizationName attribute value
Sectigo: Temporary unavailability for subset of CRLs