Bugzilla #1918380
Certificate Misissuance
Entrust: Business Entity not permitted in CPS
RESOLVED
FIXED
Entrust
AI Summary
Entrust discovered that it had mis-issued nine certificates to Business Entities, contrary to its Certification Practice Statement (CPS). This issue arose during a compliance review, leading to the immediate halting of certificate issuance for Business Entity Subscribers. The mis-issued certificates included two EV Code Signing and seven VMC certificates. Entrust has taken steps to revoke these certificates and update its CPS to prevent future occurrences. A full incident report detailing the root cause and corrective actions is being prepared.
Chronology
- Investigation initiated into certificate issuance practices.
- CPS updated and mis-issued certificates revoked.
- All action items completed; request to close the bug.
Participants
Bruce Morton
Similar Local Cases
Entrust: Certificate issued with validity greater than 825-days
Entrust: CPS typographical (text placement) error
Entrust: Subscriber provides private key with CSR
Entrust: S/MIME mailbox address not in subjectAltName
Entrust: S/MIME certificates lacking OU verification
Entrust: S/MIME OrgID Country not matching C field
Entrust: SHA-256 hash algorithm used with ECC P-384 key
Entrust: Failure to revoke OV TLS - CPS typographical (text placement) error