← Entrust cases
Bugzilla #1956681
Policy Compliance
Entrust: Cross-certified CA CP/CPS not updated in CCADB
RESOLVED
FIXED
Entrust
AI Summary
Entrust faced an incident where the CP/CPS for its cross-certified CA, SSL.com, was not updated in the CCADB following SSL.com's own updates. This oversight was identified on March 25, 2025, when Sectigo flagged the issue. Entrust updated the CCADB record later that same day, but the update was outside the required 14-day window. Fortunately, no certificates were mis-issued as a result of this incident. To prevent future occurrences, Entrust has implemented a monthly call to enhance communication between the involved parties and updated their procedures for timely updates.
Chronology
- Non-compliance start date
- Non-compliance identified and CCADB updated
- Report closure summary issued
Participants
Bruce Morton
External References
Similar Local Cases
Entrust: Improperly Verified Business Category
Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits
Entrust: Delay in Updating CPS
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5
Entrust: Non-BR-Compliant Certificate Issuance
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB