Bugzilla #1919162
Certificate Problem Report
IdenTrust: TLS Certificates with outdated certificate profile
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust identified seven active TLS subscriber certificates issued with an outdated profile that did not comply with the latest TLS Baseline Requirements. The certificates were revoked shortly after the issue was discovered. The root cause was attributed to low usage of the profile, leading to it being overlooked during updates, and a communication gap with the Delivery Team responsible for managing certificate profiles. IdenTrust has since revised its procedures to prevent similar issues in the future.
Chronology
- Discovered 7 active TLS subscriber certificates with outdated profiles.
- Revoked the 7 certificates.
- Conducted a comprehensive examination of all active certificate profile configurations.
- Identified all outstanding items related to the issue as resolved.
Participants
roots@identrust.com
cclements@google.com
bwilson@mozilla.com
Similar Local Cases
IdenTrust: EV TLS certificate with invalid Jurisdiction state for government entity
IdenTrust: Unauthorized OCSP response on a Timestamp certificate
IdenTrust: S/MIME certificates with Invalid document Identification Scheme
IdenTrust: Expired CRL served
IdenTrust: Undisclosed Unrevoked ICAs
IdenTrust: Unavailable CRL and OCSP Responders
Buypass: Domain validation method using externally operated DNS tools
IdenTrust: OCSP Signer Certificate Missing No-Check Extension