← Entrust cases
Bugzilla #1921387
Policy Compliance
Entrust: Improperly Verified Business Category
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified issues with the verification of Business Categories for EV Code Signing and VMC Subscribers, leading to mis-issued certificates. The verification process failed to correctly categorize five VMC Subscribers and two EV Code Signing Certificates, with incomplete verification for some entities. All affected certificates were revoked, and Entrust has since updated its verification procedures and training to prevent future occurrences. The company will no longer issue certificates to new applicants classified as Business Entities, mitigating the risk of incorrect categorization.
Chronology
- Verification advised that two Subscribers categorized as Business Entities did not complete required verification.
- Verification provided investigation of Subscribers categorized as Business Entities.
- Compliance completed investigation and revoked all non-compliant certificates.
- Incident Report Closure Summary provided, detailing completed action items.
Participants
Bruce Morton
B Wilson
External References
Similar Local Cases
Entrust: Cross-certified CA CP/CPS not updated in CCADB
Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits
Entrust: Delay in Updating CPS
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5
Entrust: Non-BR-Compliant Certificate Issuance
Apple: Intermediate CA certificates omitted from audit statement
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB