Closed Bug 1373452 Opened 8 years ago Closed 8 years ago

Identrust TrustID Subordinate CA - Revocation Notification

Categories

(CA Program :: CA Certificate Root Program, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: roots, Assigned: kathleen.a.wilson)

Details

(Whiteboard: [ca-onecrl])

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; rv:11.0) like Gecko

Steps to reproduce:

As part of IdenTrust normal business cycle, we have revoked two subordinate CAs on Wednesday June 7, 2017. The reason for the revocation is the cessation of operations. These subordinate CAs were signed with SHA-1 and are no longer needed.

Common Name: TrustID Server CA A5
Serial Number: 00 d5 00 36 f5 58 37 bc 6a 00 84 80 f6 bb c9 3f 34

Common Name: TrustID CA A51
Serial Number: 0a 01 41 41 00 00 01 38 ed 74 f6 39 00 00 00 02

The issuing Root is:
CN = DST Root CA X3
O = Digital Signature Trust Co.

The CRL for the Root can be found at: http://crl.identrust.com/DSTROOTCAX3.crl

Assignee: nobody → kwilson
Component: CA Certificates Code → CA Certificate Root Program
Whiteboard: [ca-onecrl]

> Common Name: TrustID Server CA A5
> Serial Number: 00 d5 00 36 f5 58 37 bc 6a 00 84 80 f6 bb c9 3f 34

In CCADB this record indicates the revocation, and has OneCRL status of "Ready to Add".

> Common Name: TrustID CA A51
> Serial Number: 0a 01 41 41 00 00 01 38 ed 74 f6 39 00 00 00 02

In CCADB this record indicates the revocation, and has OneCRL status of "Ready to Add".

QUESTION:
There are two versions of the "TrustID CA A 51" cert, should the other one also be revoked?
Certificate Issuer Common Name: DST Root CA X3
Certificate Subject Common Name: TrustID CA A51
Certificate Serial Number: 0a01414100000138e4381d6c00000002

Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: Subordinate CA - Revocation Notification → Identrust TrustID Subordinate CA - Revocation Notification

(In reply to Kathleen Wilson from comment #1)
> > Common Name: TrustID Server CA A5
> > Serial Number: 00 d5 00 36 f5 58 37 bc 6a 00 84 80 f6 bb c9 3f 34
>
> In CCADB this record indicates the revocation, and has OneCRL status of
> "Ready to Add".

This has been added to OneCRL.

> > Common Name: TrustID CA A51
> > Serial Number: 0a 01 41 41 00 00 01 38 ed 74 f6 39 00 00 00 02
>
> In CCADB this record indicates the revocation, and has OneCRL status of
> "Ready to Add".

This has been added to OneCRL.

> QUESTION:
> There are two versions of the "TrustID CA A 51" cert, should the other one
> also be revoked?
> Certificate Issuer Common Name: DST Root CA X3
> Certificate Subject Common Name: TrustID CA A51
> Certificate Serial Number: 0a01414100000138e4381d6c00000002

The second version of the "TrustID CA A 51" cert has not been revoked, so it has not been added to OneCRL.

If you do revoke this instance of the certificate, then please update the Common CA Database to indicate the revocation status.

Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You are correct. The second copy of that subordinate CA has been revoked today. I will update the Common CA Database accordingly.
Product: NSS → CA Program