Actalis: Use of CRLReason Code in Certificate Revocation
Actalis assigned incorrect CRLReason codes when revoking certificates in connection with incidents reported in Bugzilla. Instead of the required code #4 (superseded), the revocations were marked with #0 (unspecified) or #5 (cessationOfOperation), in violation of the Baseline Requirements (BRs). The root cause was identified as an outdated revocation UI that led to operator misinterpretation, compounded by the lack of a formal specification from the compliance department. Remediation consisted of retroactively correcting the codes, redesigning the UI for clarity, and retraining operators to ensure compliance with the BRs.
- Preliminary incident report posted acknowledging the issue.
- Action items for remediation were outlined and progress reported.
- Closure summary provided, confirming all action items completed.