← DigiCert cases
Bugzilla #1527423 · Certificate Problem Report
DigiCert: P-384,ecdsa-with-SHA512 Certificates
DigiCert · RESOLVED
AI Summary
DigiCert reported a compliance issue regarding certificates signed with a P-384 sub-CA key using the ecdsa-with-SHA512 signature algorithm, which violated Mozilla's policy. The issue was first identified on February 11, 2019, and DigiCert acknowledged the problem the following day. They implemented a system block to prevent further issuance of these certificates and conducted a thorough investigation. The incident report detailed the timeline of actions taken and the problematic certificates involved.
Chronology
- Problem identified via Mozilla's security forum.
- DigiCert acknowledged the issue and began investigation.
- System block implemented to halt issuance of non-compliant certificates.
Participants
Wayne Thayer
Brenda Bernal
External References
Similar Local Cases
DigiCert: Verizon: "Default City" in Subject:localityName
DigiCert: Undisclosed CAs -Federated Trust CA-1
DigiCert: Invalid Country Code Issuance
DigiCert / ABB: Issues with DN, country code and keyUsage
DigiCert: Symantec non-constrained/non-disclosed intermediate CA certificates
DigiCert: Missed Underscore Certificate Revocations
DigiCert: Underscores - Citi
DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown"