eMudhra emSign PKI Services: Issue with revocation as part of automated reissuance
On January 8, 2025, eMudhra identified a misconfiguration in its certificate lifecycle management system that led to the erroneous revocation of 311 domain certificates. This issue arose from a subroutine in the automated revocation process that incorrectly flagged valid certificates for revocation during reissuance, applying the wrong reason code of 'Key Compromise' instead of 'Superseded'. Despite the revocation, active replacement certificates remained valid, minimizing customer impact. eMudhra has since implemented corrective actions, including fixing the subroutine, enhancing validation processes, and establishing quarterly audits to prevent future occurrences.
- Misconfigured subroutine introduced during routine update.
- Subroutine triggered erroneous revocation of certificates.
- Issue detected during internal monitoring.
- Root cause analysis initiated.
- Corrective actions implemented.
- Closure summary submitted.
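
The failure in the summary above, reissuance automation revoking with 'Key Compromise' instead of 'Superseded', is the kind of error a pre-revocation validation gate can catch before a CRL or OCSP update is published. The sketch below is an added example, not eMudhra's code: the record fields, serial numbers and ticket reference are hypothetical, and the reason codes are the CRLReason values from RFC 5280.

```python
from dataclasses import dataclass
from typing import Optional

# CRLReason codes from RFC 5280, section 5.3.1
KEY_COMPROMISE, SUPERSEDED = 1, 4

@dataclass
class RevocationRequest:  # hypothetical shape of a queued revocation
    serial: str
    reason: int                               # CRLReason code requested
    trigger: str                              # "reissuance" or "manual"
    replacement_serial: Optional[str] = None  # certificate issued in its place
    compromise_ticket: Optional[str] = None   # evidence reference for keyCompromise

def validate(req, valid_serials):
    """Return the list of problems; an empty list means the request may proceed."""
    problems = []
    if req.serial not in valid_serials:
        problems.append("target is not a currently valid certificate")
    if req.trigger == "reissuance":
        if req.reason != SUPERSEDED:
            problems.append(f"reissuance must use superseded(4), got {req.reason}")
        if req.replacement_serial == req.serial:
            problems.append("request targets the replacement certificate itself")
        elif req.replacement_serial not in valid_serials:
            problems.append("no valid replacement certificate on record")
    if req.reason == KEY_COMPROMISE and not req.compromise_ticket:
        problems.append("keyCompromise(1) requires a compromise report reference")
    return problems

def audit(queue, valid_serials):
    """Map serial -> problems for every queued request that fails validation."""
    return {r.serial: p for r in queue if (p := validate(r, valid_serials))}

# Constructed sample data: serials and ticket id are placeholders.
SAMPLE_VALID = {"0A01", "0A02", "0B01", "0B02", "0C01"}
SAMPLE_QUEUE = [
    RevocationRequest("0A01", SUPERSEDED, "reissuance", replacement_serial="0A02"),
    # Pattern from the incident: reissuance-triggered, but coded as keyCompromise.
    RevocationRequest("0B01", KEY_COMPROMISE, "reissuance", replacement_serial="0B02"),
    RevocationRequest("0C01", KEY_COMPROMISE, "manual", compromise_ticket="TICKET-PLACEHOLDER"),
]

if __name__ == "__main__":
    for serial, problems in audit(SAMPLE_QUEUE, SAMPLE_VALID).items():
        print(serial, problems)
```

Running the same check over already-published revocation records, rather than the pending queue, gives a periodic audit of the kind the corrective actions describe.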