- How your CA first became aware of the problem
Entrust Datacard revoked a certificate after the 5 day deadline and noticed the issue when documenting the revoked certificate's mis-issuance report.
- A timeline of the actions your CA took in response
(All times are UTC)
November 19, 2018 11:54 – Certificate issued
November 20, 2018 17:37- Miss-issuance detected
November 20, 2018 17:37 - Investigation started
November 20, 2018 - Process was changed
November 21, 2018 17:19 - Verification team advised of the process issue
November 26, 2018 1:56 - Miss-issued certificate revoked
- Confirmation that your CA has stopped issuing TLS/SSL certificates with the problem
Entrust Datacard has updated the process to define a starting time and a revocation deadline.
- A summary of the problematic certificates
Only one certificate is the subject of this report, see section 5.
- The complete certificate data for the problematic certificates
Here is the list of miss-issued certificates:
- Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.
The revocation deadline was defined improperly. The Subscriber of the certificate was notified and offered change or refund to the certificate. The certificate was revoked after the response from the Subscriber, which was after the 5 day deadline.
- List of steps your CA is taking to resolve the situation
At the time that a miss-issuance has been determined, a revocation deadline will be set. The deadline will be based on the time of notification and not the time the investigation is complete. A 24 hour alarm will be set in our Support system with a notice to a distribution list. Managers on the distribution list will ensure that the certificate gets revoked before the deadline.