Open Bug 2052085 Opened 3 days ago Updated 2 days ago

Certainly: Missing audit log entries for certificates issued during capacity testing

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: djeffery, Assigned: djeffery)

Details

(Whiteboard: [ca-compliance] [uncategorized])

Preliminary Incident Report

Summary

  • Incident description: While performing our annual WebTrust audit,
    Certainly identified that 5,868 certificates issued during planned capacity
    characterization testing on 2026-04-01 and 2026-04-02 are missing some or all
    expected audit log entries. The root cause is kernel-level syslog socket
    saturation under sustained high-volume issuance (280–360 certificates/second).
    All affected certificates have since expired (30-day validity); zero remain
    valid. One certificate among the affected set was a typical subscriber issuance
    while the remaining 5,867 were all generated by the load testing harness.
    Certainly is developing remediation to prevent this failure pathway and to
    monitor for missing audit entries in the future.
  • Relevant policies:
    • Certainly CP/CPS §5.4 (Records Archival / Audit Logging)
    • Baseline Requirements §5.4.1 (Types of Events Recorded)
    • NCSSRs §3.2 (Security Monitoring)
  • Source of incident disclosure: Self Reported

Certainly will publish a full incident report by 2026-07-13.

Assignee: nobody → djeffery
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [uncategorized]