Open Bug 2012326 Opened 6 hours ago

FNMT: Issuance of certificate using keys previously reported as compromised

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: amaya.espinosa, Unassigned)

Details

Preliminary Incident Report

Summary

  • Incident description:
    On January 23, we became aware of the existence of a certificate issued using the same key previously revoked with reason code keyCompromise. FNMT has initiated an investigation to confirm that no further certificates are affected and to determine the root cause. The certificate has been revoked within 24 hours, in accordance with the BR, and we will submit a full incident report by February 6.
  • Relevant policies: TLS Baseline Requirement Section 6.1.1.3.

The CA SHALL reject a certificate request if one or more of the following conditions are met:
...
4.The CA has previously been notified that the Applicant’s Private Key has suffered a Key Compromise using the CA’s procedure for revocation request as described in Section 4.9.3 and Section 4.9.12;

  • Source of incident disclosure: Third Party Reported
You need to log in before you can comment on or make changes to this bug.