Bugzilla #1930029
Certificate Misissuance
IdenTrust: Approval of TLS certificate renewal without domain validation
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC reported a mis-issuance of a TLS OV certificate due to the approval of a renewal request before completing the necessary domain validation process. The certificate was revoked within 24 hours of detection. The incident was attributed to a manual processing error and the use of an older API version lacking required technical controls. IdenTrust has since retrained its staff and implemented additional measures to prevent recurrence, with a permanent fix scheduled for deployment by February 2025.
Chronology
- Received a TLS renewal request requiring domain revalidation.
- Mis-issued certificate discovered and revoked.
- Retraining of Registration Agents completed.
- Technical control added to the older API version.
Participants
IdenTrust
Mozilla
Similar Local Cases
IdenTrust: Mis-Issued EV Certificates
IdenTrust: Issuance of Subordinate CA’s Without EKU
IdenTrust: test certificates inadvertently published in production environment
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust: ICA with invalid CDP
IdenTrust: Improper encoding of wildcard certificate