Closed Bug 1550576 Opened 5 years ago Closed 5 years ago

SSL.com: Expired CRLs

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: kathleen.a.wilson, Assigned: chris)

Details

(Whiteboard: [ca-compliance] Expired CRLs)

While processing revoked intermediate certificates for OneCRL (Bug #1550537#c1) we found that the following CRLs are expired.

4E2D1D96BCC25CA3
Domain The Net Technologies Ltd CA for Code Signing
http://crls.ssl.com/SSL.com-Enterprise-Intermediate-RSA-4096-R1.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com Enterprise Intermediate CA RSA R1
Last Update: Apr 5 17:02:00 2019 GMT
Next Update: Apr 12 17:02:00 2019 GMT

4FD1E22E10E534D5
Domain The Net Technologies Ltd CA for SSL
http://crls.ssl.com/SSL.com-Enterprise-Intermediate-RSA-4096-R1.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com Enterprise Intermediate CA RSA R1
Last Update: Apr 5 17:02:00 2019 GMT
Next Update: Apr 12 17:02:00 2019 GMT

21316F97A5B48BA2
Domain The Net Technologies Ltd CA for EV SSL
http://crls.ssl.com/SSL.com-Enterprise-Intermediate-EV-RSA-4096-R1.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com EV Enterprise Intermediate CA RSA R1
Last Update: Apr 5 17:01:00 2019 GMT
Next Update: Apr 12 17:01:00 2019 GMT

713C71899E0B08E4
MilleniumSign SSL Certificate CA RSA
http://crl.ca.pki.africa/IntercloudVentures-Intermediate-SSL-RSA-4096-R1.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=SC/ST=Mah\xC3\xA9/L=Victoria/O=InterCloud Ventures Inc/CN=InterCloud SSL Certificate CA RSA
Last Update: Apr 5 17:01:54 2019 GMT
Next Update: Apr 12 17:01:54 2019 GMT

55F682A2D378385A
MilleniumSign for EV SSL
http://crls.ssl.com/IntercloudVentures-Intermediate-EV-SSL-RSA-4096-R1.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=SC/O=InterCloud Ventures Inc/CN=InterCloud Ventures CA for EV SSL RSA
Last Update: Apr 5 17:01:27 2019 GMT
Next Update: Apr 12 17:01:27 2019 GMT

30CCE71C88D96294
MilleniumSign EV SSL Certificate CA RSA
http://crl.ca.pki.africa/IntercloudVentures-Intermediate-EV-SSL-RSA-4096-R2.crl
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=SC/ST=Mah\xC3\xA9/L=Victoria/O=InterCloud Ventures Inc/CN=InterCloud EV SSL Certificate CA RSA
Last Update: Apr 5 17:00:55 2019 GMT
Next Update: Apr 12 17:00:55 2019 GMT

Hello Kathleen,

All listed issuing CAs were previously revoked, and thus cannot issue new CRLs.

Please let us know if there are any other concerns on this issue.

Regards,

Chris Kemmerer

Closing this bug as invalid because the parent cert is revoked, so CA is unable to create new CRL. CCADB has a revocation status option for "Parent Cert Revoked", but I didn't notice that was the situation here. Since our current batch of additions to OneCRL is large and already verified, I'm going to let it continue as-is.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.