Open Bug 1886442 Opened 1 month ago Updated 4 days ago

Certigna: Revocation delay for TLS certificates with basic constraint not marked as critical

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: j.allemandou, Assigned: j.allemandou, NeedInfo)

Details

(Whiteboard: [ca-compliance] [leaf-revocation-delay])

Attachments

(1 file)

133.96 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details

Incident Report

TLS certificates with the Basic Constraints extension marked non-critical were not revoked within 5 days as required by the Baseline Requirements.
Initial incident: https://bugzilla.mozilla.org/show_bug.cgi?id=1883416

Summary

Between September 15, 2023, and March 4, 2024, CERTIGNA issued TLS certificates for which the Basic Constraints extension was not marked "Critical".
Certigna was informed of a non-conformity in TLS certificates on 4 March 2024, but the affected certificates were not revoked within 5 days and have not all been revoked today.

Impact

Server Authentication certificates issued by CERTIGNA from 15 September 2023 to 4 March 2024 are affected, and not all of them have been revoked.
Most of these certificates were issued to French state ministries and are used for sensitive public services.
After receipt and confirmation of the non-conformity, issuance of all CERTIGNA TLS certificates was stopped. TLS certificate issuance was re-enabled only after the certificate profiles had been corrected and the CP/CPS updated.
No direct security impact has been identified by CERTIGNA and no feedback has been received from customers. However, the certificates are not compliant with the Baseline Requirements.

Timeline

All times are UTC.

2023-09-15: Issuance of non-conforming certificates
New profiles were applied for TLS certificates under the "Baseline Requirements for TLS Server Certificates v2.0.0", which clarified the criticality of the Basic Constraints extension. This change was not clearly identified by the two people in charge of requirements monitoring.

2024-03-04:

  • 01:20 Receipt and processing of the alert
    o 01:20: Receipt, on the CERTIGNA generic contact email address, of a message from a third party informing us of a non-conformity.
    o 09:22: Customer service processes the message and transfers it to level 2 support.
    o 10:15: Message qualification and incident analysis by the security/compliance team.
    o Notification of the incident to all employees involved in issuing TLS certificates.
  • 10:50 Production of TLS certificates stopped
    o Technical production of TLS certificates already validated by the Registration Authority (AE) stopped. The last TLS certificate was issued at 10:58.
    o The Registration Authority stops validating new TLS certificate applications.
  • 11:00 Diagnosis and control of profiles
    o Check of all TLS certificate profiles against the applicable requirements
    o Check that the additional automatic controls (e.g. cablint and certlint) are working properly, to determine why no alert had been raised.
  • 12:00 Correction of TLS certificate profiles
    o Update and validation of the CP/CPS (version 4.3) with the extension change
    o Update and validation of the new TLS certificate profiles
    o Publication of the new CP/CPS
    o Update of the date of the latest CP/CPS on the CCADB website
  • 14:00 Reactivation of TLS certificate issuance
  • 15:30 Notification to the Supervisory Body (ANSSI) and the Assessment Body (LSTI)
  • 16:56 Reply to the third party who informed us of this non-conformity, with the link to the Bugzilla ticket so that they can follow the progress of the incident.

2024-03-21: Email to subscribers informing them of the revocation of all certificates.

2024-03-26: Revocation of all affected certificates by the CA.

Root Cause Analysis

As we pointed out when we reported the incident, we had not identified any impact in terms of security or use of the certificates, we had not received any alerts from our customers or software suppliers, the information contained in the certificates was valid, and we did not wish to make public services unavailable: we decided not to initiate a mass revocation of these certificates and to let subscribers carry out the revocation themselves.
Automation services (e.g. ACME) are not yet available in CERTIGNA's services, and it is currently difficult for subscribers to renew their certificates easily within 5 days.

Lessons Learned

What didn't go well

The criticality of the subscribers using Certigna certificates requires us to adapt our services and products to ensure the reactivity and capacity of our CA to replace subscribers' certificates in an emergency when revocation is needed, and to comply with the requirements.
We are working on the deployment and certification of new Certification Authorities supporting the ACME protocol, which will allow our subscribers' certificates to be renewed quickly and limit the impact of this kind of incident.
Moreover, the reduction of TLS certificate lifespans will reduce the number of certificates that could be impacted by a non-compliance incident.

Action Items

| Action Item | Due Date |
|---|---|
| Strengthening of the team in charge of standards and technical monitoring | 2024-03-10 |
| Updating of the compliance management procedure with consolidations | 2024-03-10 |
| Notification to subscribers about the revocation on 26 March | 2024-03-21 |
| Revocation of all affected certificates | 2024-03-26 |

Appendix

3661 valid OVCP TLS certificates affected. See Affected certificates list on attachment.

Details of affected certificates

All Server Authentication certificates issued since 15 September.

Based on Incident Reporting Template v. 2.0
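The non-conformity in this report is a single DER detail: in an X.509 `Extension`, `critical` is a `BOOLEAN DEFAULT FALSE`, so a DER encoder omits it entirely unless the profile sets it to TRUE, and a profile that forgets the flag produces an extension whose only difference from a compliant one is a missing `01 01 ff`. The following is an added example, not Certigna's code, CCADB tooling or cablint/certlint: a dependency-free Python check that walks the `Extensions` SEQUENCE of a subscriber certificate and reports a basicConstraints extension that is present but non-critical, has `cA` TRUE, or carries a `pathLenConstraint`, which is my reading of the subscriber certificate profile in TLS BR v2.0.0 Section 7.1.2.7. The input is assumed to be the DER `Extensions` value (what the `[3] EXPLICIT` tag wraps in `tbsCertificate`); the sample encodings are constructed for this example and are not taken from any real Certigna certificate.

```python
"""Check a subscriber certificate's basicConstraints extension against the
TLS Baseline Requirements v2.0.0 subscriber profile (Section 7.1.2.7, my
reading): if present it MUST be critical, cA MUST be FALSE and
pathLenConstraint MUST be absent. Pure-Python DER walker, no third-party
libraries. Input: DER of the X.509 `Extensions` SEQUENCE. All sample bytes
below are constructed for this example, not real certificate data."""

OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # 2.5.29.19
OID_KEY_USAGE = bytes.fromhex("551d0f")          # 2.5.29.15
TAG_BOOLEAN, TAG_INTEGER, TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE = 0x01, 0x02, 0x04, 0x06, 0x30


def read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not valid DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:end], end


def iter_sequence(value: bytes):
    """Yield (tag, value) for each element of a SEQUENCE body."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def parse_extension(ext_body: bytes):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    items = list(iter_sequence(ext_body))
    if not items or items[0][0] != TAG_OID:
        raise ValueError("extension does not start with an OID")
    oid, critical, idx = items[0][1], False, 1
    if idx < len(items) and items[idx][0] == TAG_BOOLEAN:
        # DER omits the BOOLEAN when it equals the DEFAULT (FALSE); its presence
        # with 0xFF is the only thing that makes an extension critical.
        critical, idx = items[idx][1] != b"\x00", idx + 1
    if idx >= len(items) or items[idx][0] != TAG_OCTET_STRING:
        raise ValueError("extension has no extnValue")
    return oid, critical, items[idx][1]


def check_subscriber_basic_constraints(extensions_der: bytes) -> list:
    """Return BR findings for basicConstraints; an empty list means compliant or absent (MAY)."""
    tag, seq, _ = read_tlv(extensions_der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("Extensions must be a SEQUENCE")
    findings = []
    for _, ext_body in iter_sequence(seq):
        oid, critical, value = parse_extension(ext_body)
        if oid != OID_BASIC_CONSTRAINTS:
            continue
        if not critical:
            findings.append("basicConstraints present but not marked critical")
        # BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
        _, bc_body, _ = read_tlv(value, 0)
        fields = list(iter_sequence(bc_body))
        if any(t == TAG_BOOLEAN and v != b"\x00" for t, v in fields):
            findings.append("cA is TRUE in a subscriber certificate")
        if any(t == TAG_INTEGER for t, _ in fields):
            findings.append("pathLenConstraint must be absent in a subscriber certificate")
    return findings


def _der(tag: int, value: bytes) -> bytes:
    """Minimal short-form DER TLV encoder, enough for the constructed samples."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


# Constructed samples. keyUsage = digitalSignature | keyEncipherment, critical.
KEY_USAGE_EXT = _der(TAG_SEQUENCE, _der(TAG_OID, OID_KEY_USAGE) + _der(TAG_BOOLEAN, b"\xff")
                     + _der(TAG_OCTET_STRING, bytes.fromhex("030205a0")))
_BC_OID = _der(TAG_OID, OID_BASIC_CONSTRAINTS)
# The incident profile: basicConstraints {} with the critical flag left at DEFAULT FALSE.
NON_CRITICAL_LEAF = _der(TAG_SEQUENCE, KEY_USAGE_EXT
                         + _der(TAG_SEQUENCE, _BC_OID + _der(TAG_OCTET_STRING, _der(TAG_SEQUENCE, b""))))
# The corrected profile: identical content plus the critical BOOLEAN TRUE.
CRITICAL_LEAF = _der(TAG_SEQUENCE, KEY_USAGE_EXT
                     + _der(TAG_SEQUENCE, _BC_OID + _der(TAG_BOOLEAN, b"\xff")
                            + _der(TAG_OCTET_STRING, _der(TAG_SEQUENCE, b""))))
# A CA profile wrongly applied to a leaf: critical, cA TRUE, pathLenConstraint 0.
CA_PROFILE_ON_LEAF = _der(TAG_SEQUENCE, KEY_USAGE_EXT
                          + _der(TAG_SEQUENCE, _BC_OID + _der(TAG_BOOLEAN, b"\xff")
                                 + _der(TAG_OCTET_STRING, _der(TAG_SEQUENCE, _der(TAG_BOOLEAN, b"\xff")
                                                                             + _der(TAG_INTEGER, b"\x00")))))
# No basicConstraints at all: permitted for subscriber certificates.
NO_BASIC_CONSTRAINTS = _der(TAG_SEQUENCE, KEY_USAGE_EXT)

if __name__ == "__main__":
    for name, ext in [("non-critical leaf (incident profile)", NON_CRITICAL_LEAF),
                      ("critical leaf (corrected profile)", CRITICAL_LEAF),
                      ("CA profile on a leaf", CA_PROFILE_ON_LEAF),
                      ("no basicConstraints", NO_BASIC_CONSTRAINTS)]:
        print(f"{name}: {check_subscriber_basic_constraints(ext) or 'compliant'}")
```

To run this over real certificates, feed it the DER value of the `extensions [3]` field of `tbsCertificate` (any ASN.1 library exposes it); the point of walking the bytes rather than using a high-level parser is that the check sees exactly what the encoder emitted, so a profile that left `critical` at its default is caught by the absence of the BOOLEAN rather than by a library default.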

Assignee: nobody → j.allemandou
Status: UNCONFIRMED → ASSIGNED
Type: defect → task
Ever confirmed: true
Summary: Certigna Revocation delay for TLS certificates with basic constraint not marked as critical → Certigna: Revocation delay for TLS certificates with basic constraint not marked as critical
Whiteboard: [ca-compliance] [leaf-revocation-delay]

Hello,

Since Wednesday, March 20, 2024, we have accelerated our support to our customers to proceed with the urgent replacement of certificates impacted by the Basic Constraints extension being changed to critical, and to enable the revocation of:

  • 66% of certificates by March 26 (2,420 certificates)
  • 90% of certificates by March 28 (3,307 certificates)
  • and 97% targeted for March 29

At this moment, the majority of certificates have been replaced. The remaining certificates (around 3%) mainly concern essential services of the French state or health services, whose revocation before certificate replacement would have critical consequences for users of these services. Letters have been received from the managers of these certificates, outlining the major risks and impacts and requesting additional time.

Please be assured that we are committed to replacing all the certificates affected by this non-compliance within the next few days.

Thank you for your consideration

Best regards

Do you have an update on revocation status? We are slightly beyond 'the next few days' and an update would be greatly appreciated.

The attached list of affected certificates here is a list of 'sans', 'not_before' and 'not_after' dates. I'm not sure how this could be relevant for ascertaining a revocation timeline unless expiration was the intent? The earliest 'not_after' is 23/07/2024 in any case.

Additionally could a list of serials for all 3661 impacted certificates please be provided?
As far as I can tell this impacts intermediaries: 'Certigna Wild CA' and 'Certigna Services CA' - is this accurate?

Flags: needinfo?(j.allemandou)

Hello Wayne,

Thank you for your message.

The list is already available in the initial ticket with links to crt.sh (https://bugzilla.mozilla.org/show_bug.cgi?id=1883416) at the following URL: https://bugzilla.mozilla.org/attachment.cgi?id=9396036

We had initiated a plan to revoke and replace all impacted certificates, not to replace them only after their expiration.

We confirm that all these certificates have been revoked and that they only concerned the "Certigna Services CA" and "Certigna Wild CA" authorities.

By April 5, all certificates had been revoked except one, for a health organization, which was revoked on April 9.

Best regards.

The reason I asked was due to there being 3794 entries in that attachment, while the issue notes 3661 impacted certificates. I presume the 133 additional certificates were expired by the time this issue was noticed?

Hello,

After a second check, we found other certificates that needed to be revoked, and the remaining certificates had already been revoked before the discovery of the incident. That is why the list of revoked certificates is longer than the initial one.

