← Asseco Data Systems S.A. cases
Bugzilla #2007105
Certificate Problem Report
Asseco DS / Certum: CRL URLs disclosed in CCADB do not exactly match the CRL URLs in certificates
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Certum identified discrepancies between the CRL URLs disclosed in the CCADB and those present in issued certificates. The issue stemmed from the use of HTTPS instead of HTTP and differences in hostnames. Although the URLs were mismatched, they consistently resolved to the correct CRLs, and there was no impact on certificate issuance or revocation. Certum has since updated its internal procedures to ensure compliance with CCADB policies and has completed all corrective actions.
Chronology
- Non-compliance start date
- Non-compliance identified and fixed CRL records in CCADB
- Full incident report published
- Completion of all corrective actions
Participants
Kateryna Aleksieieva
External References
Similar Local Cases
Asseco DS / Certum: Finding in Routine WebTrust Audit – S/MIME certificates issued with mailbox validation older than 30 days
Asseco DS / Certum: DNS service outage
Asseco DS / Certum: CRL non-conformance with the TLS BRs
Asseco DS / Certum: Cross-certificate not included in 2024 S/MIME Audit statement
Asseco DS / Certum: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption
Asseco DS / Certum: Organization Identifier and Country field discrepancies
Asseco DS / Certum: Irregularities in Xinchacha/Xcc Brand SSL Certificates
Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order