← D-TRUST cases
Bugzilla #2009149
Certificate Problem Report
D-Trust: Expired certificate provided on the CA TLS test website for demonstration of valid certificates
RESOLVED
FIXED
D-TRUST
AI Summary
D-Trust received a report that a TLS test website was serving an expired certificate due to a misinterpretation of policy during a rollover transition. The expired certificate was identified on January 6, 2026, and valid certificates were restored by January 15, 2026. The root cause was an incorrect assumption regarding the timing of policy requirements, leading to an early issuance stop. D-Trust has since implemented a new validation process for policy updates to prevent future occurrences.
Chronology
- Expired certificate deployed on test website
- Non-compliance identified
- Valid certificates restored on test website
Participants
Ana Laura Martorano
Enrico Entschew
External References
Similar Local Cases
D-Trust: CRL HTTP Media Type
D-Trust: Defective certificate incident reporting form
D-TRUST: Certificate with RSA key where modulus is not divisible by 8
D-TRUST: Private Key Disclosed by Customer as Part of CSR
D-TRUST: Wrong key usage (Key Agreement)
D-Trust: "unknown" OCSP response for issued certificates
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714