← LAWtrust cases
Bugzilla #1959721
Policy Compliance
Lawtrust: The S/MIME CA’s policy identifiers did not align with the CA/Browser Forum Requirements.
RESOLVED
FIXED
LAWtrust
AI Summary
The incident involved LAWtrust's S/MIME CA, where policy identifiers did not align with the CA/Browser Forum Requirements. This misalignment was identified during an audit, leading to the issuance of 12 internal test certificates that were not compliant. The CA team misinterpreted the requirements, resulting in incorrect Distinguished Name (DN) configurations. Following the identification of the issue, all affected certificates were revoked, and corrective measures were implemented, including updates to the certificate profiles and internal training to ensure compliance with the S/MIME Baseline Requirements.
Chronology
- First S/MIME Test Certificate pair issued.
- Non-compliance identified regarding policy identifiers.
- All affected certificates revoked.
- Closure report submitted.
Participants
Marcile De Waal
Malcolm Doody
Martijn Katerbarg
Taro Yamada
External References
Similar Local Cases
Sectigo: Incomplete Subscriber Agreement provisions
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB
DigiCert: Inconsistent EV audits
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
NETLOCK: Expired Test Website Certificate
HARICA: P-384,ecdsa-with-SHA256 Certificates
Entrust: Delay in Updating CPS