Bugzilla #2004492
Certificate Problem Report
IdenTrust: CA Certificate not published in DER Encoded Format
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust self-disclosed an incident regarding a subordinate CA certificate that was published with an id-ad-caIssuers file in PEM format instead of the required DER format. This issue was identified during a review of a cross-signed root CA and remained undetected for over five years. The CA owner has since corrected the file format and implemented new controls to prevent recurrence, including automated validation and post-issuance verification. All action items have been completed, and the incident report is now closed.
Chronology
- Issued Subordinate CA with id-ad-caIssuers in PEM format
- Discrepancy noticed
- Corrected id-ad-caIssuers file to DER format
- All action items completed
- Incident report closed
Participants
IdenTrust
Similar Local Cases
IdenTrust: Test Certificates from cross-signed roots not disclosed in CT Logs
IdenTrust: Incorrect response for OCSP validation
IdenTrust: TLS self audit testing below 3%
IdenTrust: Invalid OCSP Response Held in Cache
IdenTrust: Certificate with missing details flagged by OCSP Watch
IdenTrust: Unauthorized OCSP responses for cross-signed roots
IdenTrust: EV TLS certificate with wrong jurisdiction state for private organization
IdenTrust: duplicate Certificate in error flagged by OCSP Watch