← Entrust cases
Bugzilla #1952635
Policy Compliance
Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits
RESOLVED
FIXED
Entrust
AI Summary
Entrust reported an inconsistency in their S/MIME BR audit report, where certain roots trusted for S/MIME were omitted. These roots, while not having issued any S/MIME certificates, were mistakenly excluded from the audit scope. The issue was identified on March 5, 2025, and Entrust has committed to including these roots in their upcoming audit report due by May 30, 2025. No mis-issued certificates were reported, and the audit omission is being addressed with their WebTrust auditor.
Chronology
- S/MIME BRs became effective.
- Last day of most-recent Entrust S/MIME CA audit period.
- Entrust received notice of missing roots in S/MIME BR audit report.
- Next S/MIME BR audit report is due.
Participants
Bruce Morton
External References
Similar Local Cases
Entrust: Cross-certified CA CP/CPS not updated in CCADB
Entrust: Delay in Updating CPS
Entrust: Improperly Verified Business Category
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5
Entrust: Non-BR-Compliant Certificate Issuance
Apple: Intermediate CA certificates omitted from audit statement
DigiCert: Inconsistent EV audits
TWCA: Missing or Inconsistent Disclosure of S/MIME BR Audits