Actalis: two CAs with the same CRLDP
Actalis faced an issue where two different Certificate Authorities (CAs) were associated with the same CRL Distribution Point (CRLDP), which could lead to complications in certificate revocation. This problem arose after the removal of the Organizational Unit (OU) attribute during a certificate reissuance, resulting in a mismatch between the issuer and subject of the certificates. Actalis acknowledged the issue and took corrective actions, including revoking the problematic certificate and restoring the original subject attributes. The incident was resolved with no reported impact on end-user certificates or service disruptions.
- Reissued the 'AgID CA1' SubCA certificate, removing the OU attribute.
- Revoked the problematic 'AgID CA1' certificate and reissued it with the original OU attribute.
- All identified action items were addressed.
- Requested formal closure of the incident.
- Incident officially closed.
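
An added example, not taken from the incident report or from Actalis tooling: a check over a CA inventory that flags any CRLDP URL used under more than one distinct CA subject name, which is the condition summarized above. The DNs and URLs are constructed, the record layout is an assumption, and the DN comparison is a simplified stand-in for RFC 5280 name matching.

```python
from collections import defaultdict

def parse_dn(dn):
    """Parse a DN string into a tuple of (type, value) RDNs.
    Simplified: no escaped commas, no multi-valued RDNs; values are
    case-folded and whitespace-compressed before comparison."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return tuple(rdns)

def find_shared_crldps(cas):
    """Map each CRLDP URL used under more than one distinct CA name to the
    subjects involved and the attribute types in which they differ."""
    by_url = defaultdict(dict)
    for ca in cas:
        by_url[ca["crldp"]][parse_dn(ca["subject"])] = ca["subject"]
    conflicts = {}
    for url, names in by_url.items():
        if len(names) < 2:
            continue  # one name per URL (after normalization) is fine
        rdn_sets = [set(n) for n in names]
        differing = set.union(*rdn_sets) - set.intersection(*rdn_sets)
        conflicts[url] = {
            "subjects": sorted(names.values()),
            "differing_attrs": sorted({t for t, _ in differing}),
        }
    return conflicts

# Constructed inventory (hypothetical names and URLs, not Actalis data).
SAMPLE_CAS = [
    {"subject": "CN=Example SubCA1, OU=Example Unit, O=Example Org, C=IT",
     "crldp": "http://crl.example.test/subca1.crl"},
    # Same CA reissued without the OU attribute, same CRLDP: a conflict.
    {"subject": "CN=Example SubCA1, O=Example Org, C=IT",
     "crldp": "http://crl.example.test/subca1.crl"},
    {"subject": "CN=Other CA, O=Example Org, C=IT",
     "crldp": "http://crl.example.test/other.crl"},
    # Same name with different case and spacing: must not be flagged.
    {"subject": "cn=other ca,  O=Example  Org, c=IT",
     "crldp": "http://crl.example.test/other.crl"},
]

if __name__ == "__main__":
    for url, info in find_shared_crldps(SAMPLE_CAS).items():
        print(url, "shared by", info["subjects"], "differs in", info["differing_attrs"])
```

A CRL carries a single issuer name, so certificates whose issuer field holds the other name may not be matched to the CRL served at the shared URL.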