← DigiCert cases
Bugzilla #1930759
Certificate Problem Report
DigiCert: Domain used for CRLs and OCSP has expired
RESOLVED
DigiCert
AI Summary
DigiCert experienced a service outage due to the expiration of the domain digicert-validation.com, which is used for hosting CRLs and OCSP responders. This incident affected seven Intermediate Certificate Authorities (ICAs), none of which had active end-user certificates. The domain's management was non-standard, leading to missed renewal notices. DigiCert has since implemented automated monitoring to prevent similar issues in the future.
Chronology
- Domain registration expired for digicert-validation.com
- DigiCert alerted to CRL and OCSP unavailability
- Domain renewed and services restored
Participants
Andrew Ayer
DigiCert Team
Mozilla Team
External References
Similar Local Cases
DigiCert: Some CRLs were not updated for a few days
DigiCert: Encoded HTML entities in attribute values
DigiCert: Incorrect OrgID in S/MIME certificates for one customer
DigiCert / Microsoft: inconsistent disclosure of externally-operated intermediate
Amazon Trust Services / DigiCert: 404 error when fetching CRL
DigiCert: 4 CRLs unavailable or not responding
DigiCert: Subject Serial Numbers for Non-Commercial Entities
DigiCert: Undisclosed CAs -Federated Trust CA-1