IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust Services, LLC reported a mis-issuance of an OCSP signer certificate due to an incorrect Certificate Signing Request (CSR) being used. This incident was identified while investigating unauthorized OCSP responses related to another case. The mis-issuance resulted in invalid OCSP responses for the affected Root CA, but no other certificates were impacted. The root cause was traced to an ambiguous directory structure for CSR storage, which allowed the wrong CSR to be selected. Remediation measures, including the implementation of hash validation checks, have been completed to prevent future occurrences.
- OCSP Certificate created
- Issuance of cross-signed certificates
- Non-compliance identified
- Preliminary Incident Report disclosed
- Full Incident Report disclosed
- Validation checks for CSR signing completed
- Incident report closure expected
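
The summary above attributes the mis-issuance to an ambiguous CSR directory structure and names hash validation checks as the remediation. The sketch below is an added example, not IdenTrust's tooling: it signs off on a CSR file only when its SHA-256 matches the digest recorded at approval time, and reports same-named files that do not match. The directory layout, file name, function names and CSR bytes are all constructed assumptions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed stand-ins for two CSR files; real CSRs would be PEM or DER.
INTENDED_CSR = b"constructed CSR bytes: root OCSP signer key\n"
OTHER_CSR = b"constructed CSR bytes: some other key\n"


def sha256_hex(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def select_csr(root: Path, filename: str, approved_sha256: str):
    """Return (selected, rejected) for CSR files named `filename` under `root`.

    Only a file whose SHA-256 equals the digest recorded at approval time is
    selected; same-named files with other content are returned as rejected so
    the operator sees the ambiguity. Raises ValueError if nothing matches.
    """
    approved = approved_sha256.strip().lower()
    candidates = sorted(p for p in root.rglob(filename) if p.is_file())
    matches = [p for p in candidates
               if hmac.compare_digest(sha256_hex(p), approved)]
    if not matches:
        raise ValueError(f"{len(candidates)} candidate(s) named {filename}, "
                         "none matches the approved digest")
    rejected = [p for p in candidates if p not in matches]
    return matches[0], rejected


def demo():
    """Build an ambiguous tree (hypothetical layout) and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub, data in (("archive/root-ocsp", OTHER_CSR),
                          ("root-ocsp", INTENDED_CSR)):
            (root / sub).mkdir(parents=True)
            (root / sub / "ocsp-signer.csr").write_bytes(data)
        approved = hashlib.sha256(INTENDED_CSR).hexdigest()
        selected, rejected = select_csr(root, "ocsp-signer.csr", approved)
        return (selected.relative_to(root).as_posix(),
                [p.relative_to(root).as_posix() for p in rejected])


if __name__ == "__main__":
    print(demo())
```

The approved digest should come from a record kept separately from the CSR directory, so that a misplaced file cannot also supply its own expected hash.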