← eMudhra Technologies Limited cases
Bugzilla #1974435
Delayed Revocation
eMudhra emSign PKI Services : Delayed Revocation of TLS Certificates due to Policy Inconsistency.
RESOLVED
FIXED
eMudhra Technologies Limited
AI Summary
eMudhra Technologies Limited faced a delayed revocation of 449 TLS certificates due to a misalignment between their issued certificates and the documented Certificate Policy/Certification Practice Statement (CP/CPS). Although the certificates met the CA/Browser Forum Baseline Requirements, they did not conform to the CA's published policy which specified only 'RSA 2048'. The delay in revocation was attributed to an initial assessment that deemed the certificates compliant, followed by community feedback that prompted immediate action. All certificates were revoked on June 26, 2025, after a thorough review and updated internal guidance to prevent future occurrences.
Chronology
- External report received highlighting key size misalignment.
- Revocation of all 449 unexpired certificates completed.
- Root cause analysis updated to clarify internal decision-making process.
Participants
Naveen Kumar ML
External References
Similar Local Cases
eMudhra emSign PKI Services: Delayed Revocation of SSL/TLS Certificates
Firmaprofesional: Delayed revocation of TLS certificates affected by bug #2009941
SSL.com: Delayed revocation of 53 certificates affected by bug #1750631
Amazon Trust Services: Delayed Revocation of Subordinate CA
Asseco DS / Certum: Delayed revocation of S/MIME certificates issued with mailbox validation older than 30 days
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation
Microsec: Delayed revocation of the misissued certificates
KIR S.A.: Delayed revocations of certificates