← GlobalSign nv-sa cases
Bugzilla #1942879
Certificate Problem Report
Globalsign: Delayed revocation
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign faced a delayed revocation incident due to issues with email attachments being blocked by their anti-malware settings. The problem arose when the reporter submitted Certificate Problem Reports (CPRs) with compromised keys, but the emails were not delivered because the attachment type was recognized as malware. This resulted in a delay in revocation for eight affected certificates. GlobalSign has since identified the root cause, adjusted their email filtering settings, and committed to quarterly validation of CPR deliverability to prevent future incidents.
Chronology
- Initial report of delayed revocation incident submitted.
- GlobalSign acknowledges the report and starts investigation.
- All affected certificates revoked.
- Incident report detailing the issue and root cause published.
- Validation of deliverability process implemented.
Participants
Hanno Boeck
Christophe Bonjean
R. Daurne
Mike Shaver
External References
Similar Local Cases
GlobalSign: OCSP responder certificates with more than 64 characters in CN
GlobalSign: CRLs reported in CCADB unavailable
GlobalSign: EV TLS certificate with only metadata in JOI State field
GoDaddy: Revocation process is unusable due to contact address not accepting attachments
GlobalSign: misalignment of CRL URL in CCADB with issued certificates
GlobalSign: Organization-validated SMIME certificate with invalid organizationIdentifier for European country
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold”
GlobalSign: OV TLS certificate with incorrect countryName value for organization