Bugzilla #2029013
Certificate Problem Report
D-Trust: Missing Pre-Signing Linting for TLS Issuance
ASSIGNED
D-TRUST
AI Summary
D-Trust identified a significant issue with its pre-signing linting process for TLS certificate issuance, which failed to meet industry standards. This oversight led to the issuance of 57,565 non-compliant certificates over a year. Following an internal review and external evaluation, D-Trust halted issuance to rectify the problem and implemented a compliant linting solution. All affected certificates were revoked within days of the incident's identification, and D-Trust is committed to monitoring the situation closely.
Chronology
- D-Trust halted issuance of certificates due to compliance issues.
- All affected TLS certificates were revoked.
- D-Trust published a full incident report detailing the compliance failures.
- D-Trust continues to monitor the situation and requests a follow-up update.
Participants
Enrico Entschew
Christopher Kunz
Ben Wilson
Similar Local Cases
D-Trust: QCStatement with http link of PKI Disclosure Statements
D-Trust: "unknown" OCSP response for issued certificates
D-Trust: TLS Precertificates Exceeding the Maximum Validity Period Allowed by the TLS Baseline Requirements
D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject
D-TRUST: Private Key Disclosed by Customer as Part of CSR
D-TRUST: incorrectly formatted businessCategory entry
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours
D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName