← Actalis cases
Bugzilla #1943379
Certificate Problem Report
Actalis: CRL with duplicate serial number in revokedCertificates
RESOLVED
FIXED
Actalis
AI Summary
On January 21, 2025, Actalis received a Certificate Problem Report indicating that their Certificate Revocation List (CRL) for the Actalis Domain Validation Server CA G3 contained two entries for the same certificate serial number. This issue was traced back to a bug in the EJBCA software, which erroneously retained both a pre-certificate and a final certificate as separate entries in the database. Actalis promptly addressed the issue by removing the duplicate entry and regenerating the CRL. They have also implemented a monitoring system to prevent future occurrences and opened a support ticket with the EJBCA vendor for further assistance.
Chronology
- Received Certificate Problem Report regarding duplicate CRL entries.
- Acknowledged the CPR and began investigation.
- Removed duplicate entry and regenerated the CRL.
- Completed action items including setting up monitoring system.
- Submitted report closure summary.
Participants
Marco Menonna
Aaron
Martijn Katerbarg
Adriano Santoni
External References
Similar Local Cases
Actalis: CRL distribution point with ldap scheme
Actalis: inaccurate value in stateOrProvinceName
Actalis: Incorrect OCSP Delegated Responder Certificate
Actalis: pre-certificates with “certificateHold” as the revocation reason
Actalis: incorrect CP/S Last Update date in CCADB
Actalis: Issusing 1024 bit certificates
Actalis: two CAs with the same CRLDP
Actalis: Non BR Compliant OCSP Responder