← SSL.com cases
Bugzilla #1942651
Policy Compliance
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
RESOLVED
FIXED
SSL.com
AI Summary
Sectigo reported a compliance incident regarding the late disclosure of updated Certificate Policy/Certificate Practice Statement (CP/CPS) information by SSL.com. SSL.com failed to promptly notify Sectigo of updates to its CP/CPS, resulting in outdated information in sixteen CCADB records for Cross-Certified Subordinate CA Certificates. This delay exceeded the disclosure deadlines set by root store policies. In response, Sectigo has implemented automated monitoring systems and established regular coordination meetings with SSL.com to prevent future occurrences.
Chronology
- Sectigo identifies the incident as a compliance issue.
- Sectigo creates the bug and posts an initial incident report.
- Sectigo submits an incident report closure summary.
Participants
Rob Stradling
Martijn Katerbarg
Rebecca Katerbarg
B Wilson
External References
Similar Local Cases
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Lawtrust: The S/MIME CA’s policy identifiers did not align with the CA/Browser Forum Requirements.
Apple: Intermediate CA certificates omitted from audit statement
Entrust: Improperly Verified Business Category
Entrust: Delay in Updating CPS
IZENPE: Outdated CPS for Izenpe Root
Sectigo: Incomplete Subscriber Agreement provisions
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots