Add Certisign-issued TLS certificate to OneCRL
Categories
(Core :: Security Block-lists, Allow-lists, and other State, task)
Tracking
()
People
(Reporter: bwilson, Assigned: bwilson, NeedInfo)
References
Details
(Whiteboard: [ca-onecrl])
Attachments
(1 file)
2.81 KB,
application/x-x509-ca-cert
|
Details |
As reported in Bug #1934361, this certificate - https://crt.sh/?sha256=421329f0dc2f683d6e96c1b5b310974d0997ad984ef69120f55372b4f48e1037, was mis-issued and should be added to OneCRL.
Assignee | ||
Comment 1•3 months ago
|
||
Assignee | ||
Comment 2•3 months ago
|
||
Here is the entryMaker-constructed OneCRL entry:
{
"issuerName": "MIGFMQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE1MDMGA1UECxMsQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIFJhaXogQnJhc2lsZWlyYSB2MTAxKjAoBgNVBAMTIUFDIENlcnRpc2lnbiBJQ1AtQnJhc2lsIFNTTCBFViBHNA==",
"serialNumber": "KIU0Rzkach52lIVJTnNXUg==",
"enabled": true,
"details": {
"who": "",
"created": "",
"bug": "1934630",
"name": "",
"why": ""
}
}
Assignee | ||
Updated•3 months ago
|
Comment 3•3 months ago
|
||
During our standard certificate monitoring, an internal miscommunication led us to incorrectly deem a legitimate request as a one issued in error. We apologize for the confusion and will be performing a postmortem on this issue.
Comment 4•3 months ago
|
||
Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1934361#c16, as the certificate was still a mis-issuance due to the linting problems
Assignee | ||
Comment 5•2 months ago
|
||
Action on this is being suspended until we have more information.
![]() |
||
Updated•2 months ago
|
Assignee | ||
Comment 6•2 months ago
|
||
This certificate was revoked by the CA on 2024-12-13. Therefore, it no longer needs to be added to OneCRL.
Description
•