Bugzilla #1907949
Certificate Problem Report
iTrusChina: CRL Reason Codes
RESOLVED
FIXED
iTrusChina Co., Ltd.
AI Summary
iTrusChina faced an issue with two revoked certificates that were listed in their Certificate Revocation List (CRL) with an undefined reason code, which is a violation of RFC 5280. The company acknowledged the problem and initiated an investigation, identifying that a system bug caused the incorrect CRL reason codes. They have since implemented corrective actions, including restricting subscribers from providing unpermitted revocation reasons and enhancing their monitoring processes to ensure compliance with TLS BRs. All action items have been completed, and the issue is now resolved.
Chronology
- Bug reported regarding CRL reason codes.
- iTrusChina began investigation into the issue.
- iTrusChina completed all action items related to the incident.
- Bug closed as resolved.
Participants
Ben Wilson
iTrusChina Co., Ltd.
Similar Local Cases
iTrusChina: CPR was not responded to within 24 hours
Sectigo: Lack of input validation in stateOrProvinceName
eMudhra emSign PKI Services : Key Blocking Mechanism Fails to Validate Historical Public Key Reuse.
FNMT: Certificates issued included Policy qualifiers other than id-qt-cps
DigiCert: 4 CRLs unavailable or not responding
iTrusChina: verification errors for the roots' CRLs(ARL)
Sectigo: HTML encoded characters in subject attribute values
DigiCert: Failure to revoke key-compromised certificates within 24 hours