Bugzilla #1897630
Certificate Problem Report
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified a jurisdiction issue affecting 101 EV TLS certificates and 5 Code Signing certificates, where the jurisdiction locality was incorrectly included while the jurisdiction state or province was missing. This mis-issuance was confirmed internally on May 16, 2024, following a scan with pkilint. All affected certificates were revoked or expired by May 21, 2024. Entrust has implemented corrective measures and filed reports regarding the delayed revocation and reporting of this incident. A full incident report is expected to be completed by May 24, 2024.
Chronology
- Initial discovery of jurisdiction issue during pkilint scan.
- Internal confirmation of mis-issuance.
- All affected certificates revoked or expired.
- Full incident report expected.
Participants
ngook.kong@entrust.com
amir@aaomidi.com
rdaurne77@gmail.com
bruce.morton@entrust.com
paul.vanbrouwershaven@entrust.com
bwilson@mozilla.com
Similar Local Cases
Entrust: Delayed reporting of Jurisdiction issue in some EV TLS & Code Signing certificates
Entrust: CPR was not responded to in 24 hours
SECOM: Difference in upper and lower case between CN field and SAN
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
ACCV: Delayed revocation of TLS certificates affected by bug #1884532
GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com
Microsoft PKI Services: CA Certificates not published in DER Encoded Format
Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order