Closed Bug 1499585 Opened 11 months ago Closed 11 months ago

Digicert: Undisclosed CAs -Federated Trust CA-1

Component: NSS :: CA Certificate Compliance (task)

Status: RESOLVED FIXED

People: Reporter: brenda.bernal, Assigned: wayne

Whiteboard: [ca-compliance]

Attachments: 1 file

1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.
 
On 9/10/2018, we were reviewing and updating the AIAs of CA certificates issued by the DigiCert Federated ID CA-1.  See https://fpki.idmanagement.gov/notifications/.  
In performing this task, we reviewed the AIA for the DigiCert Federated Trust CA-1, which we had created on 8/24/2017. We discovered that the AIA consisted of a certificate that was issued to the DigiCert Federated ID CA-1 by the DigiCert Assured ID Root CA on 3/14/2011.  
See https://censys.io/certificates/4d6f2516daf39602a1dc6bd7f4693c01cbe8fe910bd6dd69737dc70c8623f293.  

On Oct 9, 2018, Rob Stradling pointed out the issuing cert was not yet disclosed.  DigiCert revoked the certs at the same time, concluding the issuing CAs were never added to production and the impact of revocation was negligible to null.
 
2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.
 
 
3/14/2011 - DigiCert created DigiCert Federated ID CA-1 signed by the DigiCert Assured ID Root CA. See URL above. At the same time, we also created a SHA2 version, which we have not yet uploaded to the CCADB.
 
March 2011 to November 2011 - DigiCert decided against using the certificates created during the March 2011 ceremony but did not revoke them.  Note that the Mozilla policy was not yet enacted.
 
11/18/2011 - DigiCert created the DigiCert Federated Trust CA under the DigiCert Assured ID Root CA as a preferred path.  https://censys.io/certificates/e5bbdccad572ec9d2dd96e0e5ebf049a9181f070f1e33cc1635ad8ec487d2177.  
 
1/5/2012 - Federal Bridge CA issued a cross-certificate to the DigiCert Federated ID CA-1.
 
9/16/2014 – Mozilla announces during CA/Browser Face-to-Face Meeting that it is working on a database of CA certificates.  DigiCert expresses interest in being an early adopter.
 
10/15/2014 - Federal Bridge CA 2013 issued a new cross-certificate to the DigiCert Federated ID CA-1.
 
10/1/2015 - DigiCert began uploading CA certificates to the CCADB.  This continued through June 2016 when we uploaded the DigiCert Federated ID CAs L1-L4 that chained up to the Federated Trust CA. We are unclear on why the other March 2011 chains were uploaded. We think there was a misunderstanding at the time on what needed to be uploaded as these issuing CAs were not going to issue certs. 
 
8/24/2017 - DigiCert created the DigiCert Federated Trust CA-1 under the DigiCert Federated ID CA-1 and the Trinity Health Direct CA under the DigiCert Federated Trust CA-1 to transition away from publicly trusted certificates for certificates that chained up to the Federal Bridge CA 2016.
 
9/28/2017 - Federal Bridge CA 2016 issued a new cross-certificate to the DigiCert Federated ID CA-1.
 
11/6/2017 – Creation of the MIDIGATE CA under the DigiCert Federated Trust CA-1
 
9/10/2018 - Recognition that the DigiCert Federated ID CA-1 needed to be in the CCADB 
 
9/17/2018 - DigiCert Federated ID CA-1 and new sub CAs uploaded to the CCADB. DigiCert investigation into impact of revocation on FBCA begins. 
 
10/9/2018 – Rob Stradling detected additional ICAs that were part of this same cluster of certs

10/9/2018 - DigiCert Federated ID CAs L1-L4 chaining up to the DigiCert Federated ID CA-1 uploaded to the CCADB
 
10/9/2018 - DigiCert Federated ID CA-1 (SHA1 version) revoked. We are currently investigating to see if there were any other versions or certs issued prior to the CCADB deadline that were not included in the upload.

 
3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.
 
On 10/09/2018, DigiCert revoked the Federated ID CA-1.  We are still investigating whether a SHA2 version of this cert exists on the CA and will revoke if discovered. 
 
DigiCert is currently conducting a thorough review of all of its CA certificates to determine if there are additional CAs which need to be posted to the CCADB, need to be revoked, and may need to be included in audit reports. 
 
 
4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.
 
See next.
 
 
5. The complete certificate data for the problematic certificates.
 
DigiCert Federated ID CA-1
https://censys.io/certificates/4d6f2516daf39602a1dc6bd7f4693c01cbe8fe910bd6dd69737dc70c8623f293
 
DigiCert Federated ID L1 CA
https://censys.io/certificates/8943593390178fa08c3e58916e66c2199be02b82d2259c72a6337787873da9c0
 
DigiCert Federated ID L2 CA
https://censys.io/certificates/b85afe7674d345efc0bc72ec50431d6f480192fe0506f247759350c213729a56
 
DigiCert Federated ID L3 CA
https://censys.io/certificates/77cc7491d71370839d36b59ee5892b6a7b0d055dea29c7bcecaa3203c1af2ee3
 
DigiCert Federated ID L4 CA
https://censys.io/certificates/24fafc32dd65d970432528f29d83b1039e86fb0e78cbee88a408d7a210bf3e6e
 
DigiCert Federated ID US L3 CA
https://censys.io/certificates/1ae180cd6041ca8cfcaaa42c061ea09f504fca49831ac52f7e6eff82b0138530
 
DigiCert Federated ID US L4 CA
https://censys.io/certificates/6b9ab7db2e6e6cd75f7e65442dd44a6820869c43921504d7adb73fcc626e246f
 
DigiCert Federated Trust CA
https://censys.io/certificates/81ccd4fea59f241d1ae7720cb3c07010d8dcb02be0c584fb8ea920921da6a654
 
DigiCert Federated Trust CA-1
https://censys.io/certificates/0714c72aa327e3896b4cf2878b793405d3f16be11eb2ce233c3f05d7b76b4d99
 
Trinity Health Direct CA
https://censys.io/certificates/fa46b1274813237715fd1f4ae72e0112bad095250e98dcda416e71e49e0ff7e6
 
MIDIGATE CA
https://censys.io/certificates/4290a2532669e53d6b9a86aab0af8b604ac34897442e1836f15d84fcdede5a5b
 
6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.
 
An incomplete source was used to perform the initial CCADB upload.  We did not complete a review of all pre-CCADB CAs until after the CCADB update rules took effect.  For CA certificates issued after the CCADB requirements came into effect, we have a process in place, with multiple checks for accuracy and completeness, to ensure that CAs get into the CCADB.  DigiCert maintains a JIRA ticket template with tasks to be completed in conjunction with key ceremonies. One of the items that must be completed before a ceremony ticket is closed is to upload any new CA certificates to the CCADB, as applicable.

7. List of steps CA is taking to resolve the situation and ensure it will not be repeated.

DigiCert is currently reviewing its CAs that were created prior to 2015 to determine which need to be posted to the CCADB, which need to be revoked, and which need to be included in audit reports.  We have shored up and established a process to ensure any CAs created are uploaded to the CCADB, as applicable.
referenced in 10/19 update to this bug
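
A defender-side check for the gap this incident describes, added here as an illustration and not DigiCert's or Mozilla's own tooling: take an inventory of CA certificates, compute the SHA-256 fingerprint that Censys URLs and the CCADB key on, and report every CA certificate missing from the disclosed set. The hierarchy is constructed in code (the names and the `disclosed` map are assumptions standing in for a real CCADB export), and it includes a second certificate for the same sub-CA key and subject, which is why a "SHA2 version" of a CA is a separate certificate that also has to be disclosed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// Fingerprint is the lowercase hex SHA-256 of the DER, the identifier Censys and the CCADB use.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// Undisclosed returns "CN fingerprint" for each CA cert in inventory absent from disclosed (assumed: a CCADB export).
func Undisclosed(inventory []*x509.Certificate, disclosed map[string]bool) []string {
	var out []string
	for _, c := range inventory {
		if fp := Fingerprint(c); c.IsCA && !disclosed[fp] { out = append(out, c.Subject.CommonName+" "+fp) }
	}
	return out
}

// mkCA issues a constructed CA certificate for cn; a nil parent means self-signed.
func mkCA(cn string, serial int64, key *ecdsa.PrivateKey, parent *x509.Certificate, pkey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { parent, pkey = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c
}

// Demo (constructed, not real DigiCert data): root and sub-CA A were uploaded; sub-CA B reuses A's key and subject but was never uploaded.
func Demo() []string {
	rk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ik, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := mkCA("Constructed Assured ID Root CA", 1, rk, nil, nil)
	subA := mkCA("Constructed Federated ID CA-1", 2, ik, root, rk)
	subB := mkCA("Constructed Federated ID CA-1", 3, ik, root, rk)
	disclosed := map[string]bool{Fingerprint(root): true, Fingerprint(subA): true}
	return Undisclosed([]*x509.Certificate{root, subA, subB}, disclosed)
}
```

Only sub-CA B is reported: same key and subject as A, but a different certificate and therefore a different fingerprint, so a disclosure keyed on the CA name alone would miss it.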
An update to our timeline on 2) and conclusion of our review for 3)

10/19/18 Finalized list of ICAs that needed to be uploaded and/or revoked from DigiCert's thorough review. A total of 33 were uploaded over the last two days and highlighted below.

There were 15 ICAs uploaded to CCADB which includes 1 that has the parent cert already revoked and 14 that will be revoked early this coming week.  We will send the crt.sh links once they are available.  Attached, in a PDF, I'm including the PEMs of these CA certificates.

10/20/18 We uploaded 18 additional ICAs to CCADB that are not in scope (code signing, timestamping) and 1 that is related to the Wi-Fi Alliance.  We are including these for completeness but they are out of scope for Mozilla.
Summary: Undisclosed CAs -Federated Trust CA-1 → Digicert: Undisclosed CAs -Federated Trust CA-1
Whiteboard: [ca-compliance]
(In reply to Brenda Bernal from comment #2)
> There were 15 ICAs uploaded to CCADB which includes 1 that has the parent
> cert already revoked and 14 that will be revoked early this coming week.  We
> will send the crt.sh links once they are available.  Attached, in a PDF, I'm
> including the PEMs of these CA certificates.

Here are Censys.io links for the 15 ICAs mentioned:

https://censys.io/certificates/2d40e82ff298e5667ff3895c1420aef6b62f094ec753edb063361149f41db5e1
https://censys.io/certificates/26f9106a6849152528d43ab6eda5348db0f3b9bda4a4e6bcad59808445a01170
https://censys.io/certificates/c0aa0c6d26420a323a32cbf26037497a4303b82f1eb3b152e94bd56864679479
https://censys.io/certificates/f53629cd0d84604110a36367997c7c39b3aadbb3e4766bf35906bdb82df9e661
https://censys.io/certificates/e023f3abaacf2ae0750ee9625f62c23722717b26985210fc78e6d0f255df4962
https://censys.io/certificates/020256ca8b794087d10845b8806be117e48d135b4e0895d79804dcfc18459361
https://censys.io/certificates/981641f8966f6ca34f000f5a6fc824591938e6c4a71db6fc165ea4e64db9d189
https://censys.io/certificates/b3a9e4dd96b3d1bb5958ad3f9416c4aadc8d9ffde6d5afe4072d90bd9fa6ca6e
https://censys.io/certificates/bf54a9383f44662e75eca22eb0e47f2c235e5d118a7e896ec8b645916cba68e9
https://censys.io/certificates/cd898e4c16ab1892f363a461e110333c74e9dd4b3e67e22364ccc030ebb5ef5f
https://censys.io/certificates/d0b4d41c1dbe5f96f9631dbf386c5b8fa74765a001d41f2cf419ce5cddab2e11
https://censys.io/certificates/a64a5e92f07711e8acb73ee5152e3684c9ef55d66417d5736e26de8be83635c2
https://censys.io/certificates/d0b7b181792666025e10e64e7d50da770ea72aaff121148f6cd6161247d198df
https://censys.io/certificates/13ce8789b9a61455c157b7ef523dbfa0dc09816e50e0aca44ad59ba1fc67956a
https://censys.io/certificates/fa53d9ddf3b89734aabb583324fee922215d8dad849a16ad81c8f338bb359b90

The last 14 listed were revoked on 25-October-2018.  The first one listed (DigiCert Federated ID L4 CA) has its parent CAs revoked.
Status: UNCONFIRMED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED