← D-TRUST cases
Bugzilla #1913310
Certificate Problem Report
D-Trust: CRL-Entries without required CRL Reason Code
RESOLVED
FIXED
D-TRUST
AI Summary
D-Trust faced a compliance issue when revoking 2,601 TLS certificates as part of Bugzilla incident 1884714. The revocation process did not include the required CRL reason code, which is a violation of TLS BRs section 4.9.1.1. The investigation revealed that the mass revocation process lacked a mandatory input for the CRL reason code, leading to this oversight. D-Trust has since implemented measures to ensure compliance, including retraining staff and updating internal documentation.
Chronology
- Provisions from Ballot SC61 entered into force.
- All affected TLS certificates were revoked without the necessary CRL reason code.
- Preliminary incident report opened.
- Final incident report published.
- All action items completed.
- Incident closure expected.
Participants
Enrico Entschew
B. Wilson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714
D-TRUST: Certificate with RSA key where modulus is not divisible by 8
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours
D-TRUST: Wrong key usage (Key Encipherment)
D-Trust: Missing Pre-Signing Linting for TLS Issuance
D-TRUST: syntax error in one tls certificate
D-TRUST: Precertificate OU > 64 Characters
D-TRUST: incorrectly formatted businessCategory entry