← Entrust cases
Bugzilla #1898848
Delayed Revocation
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
CLOSED
FIXED
Entrust
AI Summary
Entrust reported a delayed revocation incident concerning certain EV TLS and Code Signing certificates due to jurisdiction issues. Although all affected certificates were revoked within five days of confirmation, the delay in reporting and actioning the revocation was attributed to insufficient processes and resources. Entrust acknowledged that they should have escalated the issue for investigation earlier, leading to the filing of this incident report. The company has committed to improving its internal processes to prevent similar delays in the future.
Chronology
- Issue escalated for investigation.
- Issue confirmed and certificates revoked.
- All affected certificates expired or were revoked.
- Incident report closure summary provided.
Participants
ngook.kong@entrust.com
amir@aaomidi.com
rdaurne77@gmail.com
tim.callan@sectigo.com
jrmoir@protonmail.com
bruce.morton@entrust.com
paul.vanbrouwershaven@entrust.com
bwilson@mozilla.com
External References
Similar Local Cases
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction
Entrust: Late Revocation due to SHA-256 hash algorithm
Entrust: Late Revocation for Invalid State/Province Issue
NETLOCK: Bug 1891331 replacement - delayed revocation -