← Entrust cases
Bugzilla #1914065
Certificate Misissuance
Entrust: S/MIME certificates lacking OU verification
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified that 1,039 S/MIME Sponsor-Validated certificates were mis-issued due to the lack of verification of the organizational unit (OU) field, violating S/MIME BR requirements. All affected certificates have been revoked, and Entrust has committed to training personnel on updated compliance policies to prevent future occurrences. The incident was resolved with all action items completed, and a full incident report will be made available.
Chronology
- All affected customers were notified of the mis-issued certificates.
- Revocation of mis-issued certificates completed.
- Incident report closure summary prepared.
Participants
Bruce Morton
External References
Similar Local Cases
Entrust: S/MIME OrgID Country not matching C field
Entrust: Issued Certificates to incorrect Organization
Entrust: Certificate issued with validity greater than 825-days
Entrust: CPS typographical (text placement) error
Entrust: Jurisdiction Locality Wrong in EV Certificate
Entrust: Business Entity not permitted in CPS
Entrust: Subscriber provides private key with CSR
Entrust: Failure to revoke OV TLS - CPS typographical (text placement) error