Bugzilla #1313873
Certificate Misissuance
SHA-1 issuance by DocuSign root
RESOLVED
DocuSign (OpenTrust/Keynectis)
AI Summary
This case addresses the issuance of SHA-1 certificates by DocuSign's root CA, which is against Mozilla's policies. The certificates were issued erroneously due to a failure in organizational and technical controls. DocuSign has since revoked the misissued certificates and is implementing measures to prevent future occurrences. The CA's compliance with the Baseline Requirements is under scrutiny, and corrective actions are being taken.
Chronology
- Initial report of SHA-1 certificates issued by DocuSign
- DocuSign provides details on the misissuance and corrective actions
- Mozilla acknowledges the corrective measures taken by DocuSign
Participants
Gervase Markham
Kathleen Wilson
Erwann Abalea
Similar Local Cases
SHA-1 issuance by Visa root
SHA-1 issuance by DigiCert roots
DigiCert / Inteso San Paulo: Double dot characters
Amazon Trust Services: CAA Misissuances
WoSign issued SHA-1 SSL certs and backdated the issuance date on SSL certificates
Let's Encrypt: CAA Misissuances
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates