← Entrust cases
Bugzilla #1931615
Certificate Problem Report
SSL.com: Entrust API and CAA checking
RESOLVED
DUPLICATE
Entrust
AI Summary
A certificate for '*.hyatt-test.com' was issued by SSL.com despite a CAA record indicating that no certificates should be issued for the domain. The report details steps taken to reproduce the issue and highlights the ambiguity in RFC 8659 regarding the handling of CAA records with empty 'issue' tags. SSL.com has initiated an investigation into the matter and is seeking community feedback on the interpretation of the RFC. The case has been marked as a duplicate of another bug that addresses similar issues.
Chronology
- Certificate issued despite CAA record restrictions.
- SSL.com acknowledged the report and began an investigation.
- Bug marked as a duplicate of Bug #1932973.
Participants
Riley Magnuson
Rebecca Kelley
Ben Wilson
Bruce Morton
Rob Stradling
Andrew Ayer
Agwa
SecAuditor
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
SSL.com: Entrust API and CAA checking
Entrust: EV Certificate missing Issuer’s EV Policy OID
Entrust: Failure to revoke a certificate
Entrust: SSL Certificates issued with Un-verified IP Addresses
Entrust root has SECOM CPS in AllCertificateRecordsCSVFormatv2
Entrust: Failure to revoke EV TLS certificates issued before CPS update
Entrust: S/MIME Certificate Issued with Incorrect Policy OID
Entrust: Printable String Constraint Failure