D-TRUST: Incomplete Disclosure of CRL URLs
D-TRUST reported a Certificate Problem Report received from a community member on 2026-07-13. The CPR stated that HTTP URLs in the crlDistributionPoints extension of unexpired certificates were not disclosed in the "JSON Array of all Full CRL URLs" field of the corresponding CCADB records. D-TRUST’s investigation confirmed that the URLs were missing at the CCADB records and stated it will update the affected records accordingly. D-TRUST also said certificate validity is not affected and that no revocation is required. The thread notes that a Full Incident Report will follow within 14 days. The bug is currently in ASSIGNED status.
- D-TRUST received an external Certificate Problem Report alleging missing HTTP CRL URLs in CCADB records for unexpired certificates.
- D-TRUST submitted a preliminary incident report and committed to updating the affected CCADB records.
- Bdr representative — Submitted a preliminary incident report confirming missing CRL URLs in CCADB records, stating no revocation is required, and indicating a full incident report will follow within 14 days.