Open Bug 2010885 Opened 17 hours ago Updated 15 hours ago

Sectigo: Inaccuracy of CCADB-Disclosed URL for eIDAS CP/CPS

Tracking

(Not tracked)

Status:

ASSIGNED

People

(Reporter: martijn.katerbarg, Assigned: martijn.katerbarg)

Details

(Whiteboard: [ca-compliance] [disclosure-failure])

Martijn Katerbarg

Assignee

Description

•

17 hours ago

Preliminary Incident Report

Summary

Incident description:

On November 20th, 2025 we performed a CMS migration and deployment. Due to a data inaccuracy only affecting the new CMS database, the direct URL for the Sectigo eIDAS CP/CPS was inadvertently changed without us becoming aware.

While the CP/CPS itself remained publicly accessible via our website navigation, the specific URL disclosed in CCADB was no longer valid after this deployment.

Relevant policies: CCADB Policy Version 2.0, Section 4: Policy Disclosures:

“CA Owners SHOULD ensure these updated policy document(s) are submitted to the CCADB within 7 calendar days of the policy document’s effective date, and MUST ensure they are submitted within 14 calendar days of that effective date.”

Source of incident disclosure: Third Party Reported

incident-reporting

Updated

•

15 hours ago

Assignee: nobody → martijn.katerbarg

Status: UNCONFIRMED → ASSIGNED

Ever confirmed: true

Whiteboard: [ca-compliance] [disclosure-failure]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Sectigo: Inaccuracy of CCADB-Disclosed URL for eIDAS CP/CPS

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

People

(Reporter: martijn.katerbarg, Assigned: martijn.katerbarg)

References

Details

(Whiteboard: [ca-compliance] [disclosure-failure])

Crash Data

Security

(public)

User Story

Description

Preliminary Incident Report

Summary

Updated