GoDaddy: Insufficient serial number entropy

GoDaddy identified a significant issue with the entropy of certificate serial numbers, affecting over 12,000 live certificates. The problem was first noted on March 6, 2019, following discussions in the Mozilla security policy group. GoDaddy promptly addressed the issue by deploying a fix on March 7, 2019, and ceased issuing certificates with the defect. The CA has since revised its processes to ensure compliance with industry standards, including plans to upgrade serial number lengths to a minimum of 128 bits.

1. 2019-03-06 GoDaddy begins investigating the serial number issue.
2. 2019-03-07 Fix deployed to production.
3. 2019-03-12 GoDaddy identifies 12,152 live certificates affected.
4. 2019-03-15 GoDaddy updates on the status of impacted certificates.