Bugzilla #1931886
Certificate Problem Report
Entrust: CRL missing revocation reasonCode
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified an issue where the Certificate Revocation List (CRL) for their TLS CAs was missing the reasonCode for certificates revoked for reasons other than 'unspecified'. This problem arose due to a recent software update that altered the CRL generation process. The error was rectified by rolling back the update and reissuing the affected CRLs. A comprehensive incident report was created, detailing the root cause, which was linked to inadequate unit testing practices. Entrust has since implemented corrective actions, including improved testing and monitoring protocols.
Chronology
- Software update deployed that included library updates.
- Investigation revealed missing reasonCode in CRL.
- Rollback of the software update and reissuance of CRLs.
- Incident report closure and completion of action items.
Participants
Bruce Morton
Similar Local Cases
Entrust: CRL non-conformance with the TLS BRs
Entrust: Delayed Revocation for S/MIME certificates
Entrust: EV Certificate missing Issuer’s EV Policy OID
Entrust: SSL Certificates issued with Un-verified IP Addresses
Entrust: delayed revocation
Entrust: clientAuth TLS Certificates without serverAuth EKU
Entrust: Failure to revoke EV TLS certificates issued before CPS update
Entrust: Incorrect keyUsage for ECC certificate