IdenTrust: Expired CRLs
IdenTrust Services, LLC reported an incident in which expired Certificate Revocation Lists (CRLs) were publicly available for approximately 8 hours on August 18, 2024. The incident violated the TLS Baseline Requirements (BRs) regarding service availability. The expired CRLs affected validation of certificates issued under IdenTrust's trust anchors. The root cause was a misconfiguration introduced during a scheduled server OS update, which caused the alert system meant to notify the team about impending CRL expirations to fail. The issue has since been resolved, and the monitoring and alerting systems have been improved.
- Expired CRLs were detected, affecting certificate validations.
- CRLs were renewed and alert system reconfigured.
- Complete incident report submitted.
- Improvements to debugging capabilities implemented.
- Issue considered closed/resolved.
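
The failure described above, an alert that stopped warning about impending CRL expiry, can be caught by a check that reads the published CRL itself rather than relying on the issuing system's own alerts. The following Python is an added example, not IdenTrust's tooling or code from the incident report: it extracts `thisUpdate`/`nextUpdate` from a DER-encoded CRL and classifies its freshness. The function names, the 24-hour warning window and the constructed sample CRL (placeholder issuer, all-zero signature) are assumptions, and the signature is not verified.

```python
from datetime import datetime, timedelta, timezone

def read_tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def parse_time(tag, raw):  # 0x17 = UTCTime, 0x18 = GeneralizedTime
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}[tag]
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate) from a DER CRL; the signature is NOT verified."""
    tbs = next(children(read_tlv(der, 0)[1]))[1]  # CertificateList -> tbsCertList
    fields = list(children(tbs))
    if fields[0][0] == 0x02:  # optional version INTEGER precedes the other fields
        fields = fields[1:]
    nxt = fields[3] if len(fields) > 3 and fields[3][0] in (0x17, 0x18) else None
    return parse_time(*fields[2]), parse_time(*nxt) if nxt else None

def crl_status(der, now, warn=timedelta(hours=24)):  # 24 h window is an assumption
    next_update = crl_validity(der)[1]
    if next_update is None:
        return "NO_NEXT_UPDATE"
    if now >= next_update:
        return "EXPIRED"
    return "EXPIRING" if next_update - now <= warn else "OK"

def tlv(tag, content):  # minimal DER encoder, used only to build the sample below
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_crl(this_update, next_update):  # constructed: placeholder issuer, zero signature
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Constructed CA"))))
    times = b"".join(tlv(0x17, t.strftime("%y%m%d%H%M%SZ").encode()) for t in (this_update, next_update))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + alg + name + times) + alg + tlv(0x03, bytes(257)))
```

Calling `crl_status(der_bytes, datetime.now(timezone.utc))` on the bytes fetched from a CRL distribution point yields `OK`, `EXPIRING`, `EXPIRED` or `NO_NEXT_UPDATE`; anything other than `OK` should page someone through a channel that does not depend on the host being patched.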