← Sectigo cases
Bugzilla #2010885
Certificate Problem Report
Sectigo: Inaccuracy of CCADB-Disclosed URL for eIDAS CP/CPS
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo reported an incident involving an incorrect URL for their eIDAS CP/CPS disclosed in the CCADB. This issue arose following a CMS migration on November 20, 2025, which inadvertently changed the URL without Sectigo's awareness. Although the CP/CPS remained accessible via their website, the specific URL in CCADB became invalid. The incident was reported by a third party and was resolved by updating the CCADB records on January 15, 2026. Sectigo has since implemented a monitoring tool to prevent similar issues in the future.
Chronology
- CMS migration and deployment occurred, changing the CP/CPS URL.
- Non-compliance identified as the URL was no longer valid.
- Incident reported by a third party; records updated in CCADB.
- Investigation confirmed the URL change due to CMS deployment.
- Closure report submitted, detailing remediation steps.
Participants
Martijn Katerbarg
External References
Similar Local Cases
Sectigo: Certificate issuance by non-compliant Extant S/MIME CA
Sectigo: Incorrect OCSP responses
Sectigo: OV reuse data applied for wrong organization
Sectigo: Incomplete Subject organizationName
Sectigo: Late revocation for incomplete Subject organizationName
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value
Sectigo: Late receipt and disclosure to CCADB of ETSI audit letters
Sectigo: Temporary failure to publish OCSP responses for newly issued certificates