Bugzilla #1925106
Certificate Problem Report
DigiCert: Incorrect CP listed in CCADB
CLOSED
DigiCert
AI Summary
DigiCert reported an incident involving the incorrect disclosure of a Certificate Policy (CP) for Apple-operated subordinate CAs in the Common CA Database (CCADB). The CP field incorrectly pointed to Apple's private CP instead of the appropriate public trust CP. This issue persisted for several years until it was identified in October 2024. DigiCert has since updated the CP field to reflect the correct policy documents and is working with Apple to ensure compliance with CCADB policies moving forward.
Chronology
- Sectigo notified DigiCert about the incorrect CP in CCADB.
- DigiCert acknowledged the incident and began investigating.
- Apple published its combined CP/CPS.
- DigiCert updated CCADB entries to reflect the new CP/CPS.
Participants
Tim Hollebeek
Ben Wilson
Rob Stradling
Martijn Katerbarg
Similar Local Cases
Digicert: Preview certificate uploaded to CCADB instead of the actual certificate
DigiCert: Encoded HTML entities in attribute values
DigiCert: Random value in CNAME without underscore prefix
DigiCert: Late incident report for bug 1925106
DigiCert: Typo in TLS Org Name
DigiCert: Some CRLs were not updated for a few days
Sectigo: Failure to revoke ECC certificates with non-DER encoded keyUsage within 5 days
Digicert: Government Entity listed instead of registration number