← Netlock cases
Bugzilla #2011314
Certificate Problem Report
Netlock: unspecified revocation code (0) in CRL
CLOSED
Netlock
AI Summary
Netlock received a report indicating that their Certificate Revocation List (CRL) contained entries with an unspecified revocation reason code (0), which violates CA/Browser Forum Baseline Requirements. The issue arose from certificates that were suspended and later automatically revoked, leading to incorrect encoding in the CRL. Netlock acknowledged the non-compliance and has since implemented corrective measures, including updates to their revocation workflow and CRL generation logic. The remediation has been deployed, and ongoing validation confirms compliance with the requirements.
Chronology
- External third party reported the issue
- Issue handed over to the development team
- Corrected implementation successfully deployed to production
- Incident report closure requested
Participants
Roland Kaluha
Dean Reed
CCADB Incident Reporting
External References
Similar Local Cases
Netlock: CA in AIA in PEM format
NETLOCK: Missing CDP Disclosure in CCADB
NETLOCK: Unavailability of the document repository
NETLOCK: Pre-certificates revoked with certificateHold reason
NETLOCK: SSL certificates with OU field
NETLOCK: Disclosed CRL is expired
NETLOCK: SSL certificates with OU field - revocation delay
NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName