Bugzilla #1939809
Certificate Problem Report
D-Trust: QCStatement with http link of PKI Disclosure Statements
RESOLVED
FIXED
D-TRUST
AI Summary
D-Trust issued EV TLS certificates that included an http link to PKI Disclosure Statements, violating ETSI EN 319 412-5, which mandates https links. Upon discovery, D-Trust halted production of the affected certificates and revoked 25 non-compliant certificates within five days. The issue arose from a misinterpretation of compliance requirements, although the actual PDS was always accessible via https. D-Trust has since adjusted its certificate profiles and implemented additional checks to prevent future occurrences.
Chronology
- Certificate Problem Report received
- Decision made to halt production and revoke affected certificates
- Revocation of all affected TLS certificates completed
- Incident Report Closure Summary submitted
Participants
Enrico Entschew
Ben Wilson
Similar Local Cases
D-Trust: Missing Pre-Signing Linting for TLS Issuance
D-Trust: "unknown" OCSP response for issued certificates
D-Trust: TLS Precertificates Exceeding the Maximum Validity Period Allowed by the TLS Baseline Requirements
D-TRUST: Wrong key usage (Key Agreement)
D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject
D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714
D-TRUST: syntax error in one tls certificate