Bugzilla #2014609
Certificate Misissuance
IdenTrust: Cross-signed root certificate mis-issuance
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC reported a mis-issuance of a cross-signed root certificate due to an incorrect Certificate Signing Request (CSR). The issue was identified during cert-chain validation testing, revealing that a file-selection bug combined with a look-alike naming convention led to the wrong CSR being selected. The mis-issued certificate was revoked promptly, and a full incident report was published detailing the root cause and remediation steps, including the implementation of hash validation checks to prevent recurrence.
Chronology
- Issued the cross-signed certificate
- Discovered the mis-issuance
- Revoked the mis-issued certificate
- Published full incident report
- Completed action item for validation checks
Participants
roots@identrust.com
dhollenback@apple.com
rdaurne77@gmail.com
incident-reporting@ccadb.org
Similar Local Cases
IdenTrust: Mis-Issued EV Code Signing Certificate
IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust: unintended creation of a Root CA certificate
Firmaprofesional: Misissuance of TLS Subordinate CA "AC Firmaprofesional - Secure Web 2024"
VISA: Misissuance detected by PKIMetal
IdenTrust: Internal names / failure to report
IdenTrust: Mis-Issued EV Certificates
Microsoft PKI Services: Misissuance detected by PKIMetal