← IdenTrust Services, LLC cases
Bugzilla #2016585
Certificate Problem Report
IdenTrust: Test Certificates from cross-signed roots not disclosed in CT Logs
ASSIGNED
IdenTrust Services, LLC
AI Summary
IdenTrust identified that several test automation certificates failed browser validation due to missing Certificate Transparency (CT) log entries. These certificates were issued from a newly cross-signed TLS CA hierarchy, and the issue was limited to test certificates only, with no customer certificates affected. The affected certificates have been revoked, and new test automation certificates have been issued with proper CT log submissions. A full incident report was disclosed, detailing the timeline and root causes of the issue.
Chronology
- Non-compliance start date
- Non-compliance identified date
- Preliminary Incident Report disclosed
- Full Incident Report disclosed
Participants
IdenTrust
Dimitris Zacharopoulos
Dustin Hollenback
External References
Similar Local Cases
IdenTrust: Missing Revocation Reasons in CRL
IdenTrust: Temporarily Expired CRLs
IdenTrust: S/MIME Certificates issued without CAB Forum OID
IdenTrust: CA Certificate not published in DER Encoded Format
IdenTrust: Unauthorized OCSP responses for cross-signed roots
Identrust: Root CrossSign, of dedicated Roots, missing EKU
IdenTrust: duplicate Certificate in error flagged by OCSP Watch
IdenTrust: Invalid OrganizationIdentifier in S/MIME certificates