← Entrust cases
Bugzilla #1910237
Certificate Problem Report
Entrust: Delayed Revocation for S/MIME certificates
RESOLVED
FIXED
Entrust
AI Summary
Entrust reported a delay in revocation for three S/MIME certificates that were mis-issued. The revocation process began after confirming the mis-issuance, which led to exceeding the 5-day revocation deadline. Entrust acknowledged the need to update their practices to start the revocation period upon receipt of a Certificate Problem Report (CPR) rather than after confirmation of mis-issuance. They have since implemented changes to their issue management process and deployed pre-sign linting for S/MIME certificates to prevent future occurrences.
Chronology
- Email received indicating an error found by linting software.
- First mis-issued certificate revoked.
- Entrust updated issue management process.
- Pre-sign linting for S/MIME deployed.
Participants
Bruce Morton
Alexander P
Paul Vanbrouwershaven
External References
Similar Local Cases
Entrust: Certificate issued with '-' in ST field
Entrust: delayed revocation
Entrust: CRL missing revocation reasonCode
Entrust: IP Address in dNSName form
Entrust: Test Website Certificates Expired
Entrust: SSL Certificates issued with Un-verified IP Addresses
Entrust: Incomplete privileged access removal within 24 hours
Entrust: Failure to revoke EV TLS certificates issued before CPS update