← IdenTrust Services, LLC cases
Bugzilla #1897569
Certificate Problem Report
IdenTrust: TLS ICA with User Notice in Policy Qualifier
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust issued an intermediate CA certificate (ICA) with a 'User Notice' policy qualifier, which is no longer compliant with the CA/Browser Forum's Server Baseline Requirements effective September 15, 2023. Upon discovering the issue on May 9, 2024, the ICA was promptly revoked on May 10, 2024. A review revealed that the Linter tool used for validation was outdated, leading to the oversight. IdenTrust has since updated the Linter tool and established processes to ensure compliance with current requirements.
Chronology
- ICA created in pre-production environment.
- New ICA uploaded into CCADB.
- Issue discovered via Bugzilla comment.
- ICA revoked.
- Updated Linter tool deployed.
Participants
IdenTrust
Mathew Hodson
Mozilla
External References
Similar Local Cases
IdenTrust: TLS self audit testing below 3%
IdenTrust: Failure to Revoke Subscriber Certificates Within 5 days
IdenTrust: Pre-certificates without a final certificate showing OCSP error
IdenTrust: Failure to provide OCSP responses for valid ICA certificates
IdenTrust: Expired CRLs
IdenTrust: Invalid OrganizationIdentifier in S/MIME certificates
IdenTrust: Expired ICAs CRLs
IdenTrust: EV TLS certificate with wrong jurisdiction state for private organization