Closed Bug 1891251 Opened 1 year ago Closed 1 year ago

FIRMAPROFESIONAL: Delayed leaf revocation

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ext-antoni.camon, Assigned: ext-antoni.camon)

Details

(Whiteboard: [ca-compliance] [leaf-revocation-delay] )

Incident Report

Summary

As indicated in bug #1889420 opened on April 5, our procedure was able to revoke all affected certificates in less than 5 days, except one.

On April 9th, it was communicated that revocation of this certificate was not possible due to it being located in essential and critical hospital and healthcare systems of a public administration. Therefore, the certificate holder requested additional time for replacement with a new certificate.

In continuous contact with the client, and once they confirmed the certificate change, revocation of the certificate took place at 10:21 AM (UTC) today, Friday.

Impact

Fortunately, given the nature of the incident, there is NO impact in terms of security, usability, compatibility, or business, neither for Firmaprofesional's clients nor for the Community.

The total number of affected certificates in this delayed revocation bug is 1.

Timeline

All times are UTC.

2024-04-04:

13:27 The SSL certificate mentioned in the email sent by SECTIGO is revoked.

14:30 The investigation finds 499 affected certificates, of which 490 are still valid.

15:00 Preparations for communications to clients begin. The certificates will be revoked in 5 days.

2024-04-12:

10:21 The affected certificate has been revoked.

Root Cause Analysis

After the revocation of the 498 certificates on April 9, there remained a single certificate to be revoked because it is located in critical and essential systems of a public health administration.

Lessons Learned

What went well

The Commercial and Support Department of Firmaprofesional immediately began working to resolve the revocation and issuance of the 498 certificates.

Regular meetings were held with the affected entity, providing support for the certificate change in the affected critical systems.

What didn't go well

We have not been able to meet the 5-day deadline for revoking all certificates.

Where we got lucky

Fortunately, given the nature of the non-conformity, it has no impact whatsoever in terms of security, usability, compatibility, or business, neither for Firmaprofesional's clients nor for the Community.

Action Items

| Action Item | Kind | Due Date |
| --- | --- | --- |
| See in bug #1889420 | | |

Appendix

Details of affected certificates

https://crt.sh/?id=10494662511

Is this a delayed incident report or a delayed leaf revocation?

Flags: needinfo?(ext-antoni.camon)

It's a delayed leaf revocation.

Flags: needinfo?(ext-antoni.camon)
Assignee: nobody → ext-antoni.camon
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: FIRMAPROFESIONAL: Delay incident report → FIRMAPROFESIONAL: Delayed leaf revocation
Whiteboard: [ca-compliance] [leaf-revocation-delay]

Does anyone have any comments, questions, or suggestions? If not, then I'd suggest that this be closed sometime next week (May 27-31).

Flags: needinfo?(bwilson)
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED