Symantec has an additional disclosure regarding internal name certificates
valid after October 1. First, we disclose 3 certificates that remained valid
after October 1 but expired prior to our previous report. Second, we
disclose 3 certificates that were revoked as a result of our analysis but
not included in our initial report.

The cause of both issues is the execution of a query to inform us what
action needed to be taken within 24 hours. That result excluded revoked and
expired certificates. This led to our initial report of additional
certificates revoked along with the one reported to us by Nick Lamb.

The specific cause of the additional revoked but not disclosed certificates
is proactive effort by a team member to consult with two customers with
relationship/enterprise accounts concurrent with other efforts to work with
individual certificate owners. The revoked relationship/enterprise account
certificates we disclose today were revoked prior to execution of the report
and the report was used as the basis for our prior disclosure.

Disclosure:
https://crt.sh/?q=3518624
https://crt.sh/?q=78728901
https://crt.sh/?q=78728902
https://crt.sh/?q=78728903
https://crt.sh/?q=78728904
https://crt.sh/?q=78728905
> We conducted a search of our databases in September 2016, in which we
> examined every CN and SAN in every certificate still valid at the time. Each
> CN and SAN was examined to see if it contained no dot or an invalid DNS
> suffix; if so, the certificate was classified as an internal server cert and
> revoked. For all remaining CNs and SANs, those were checked against our
> internal list of TLDs built from information provided by ICANN and IANA. That
> list had a status value associated with each TLD, and our mistake was in
> excluding TLDs with certain status values.
>
> Our scans conducted this week discovered three additional certificates that
> had not been revoked as of October 2016. These, and the certificate
> discovered by Nick, have now been revoked. Here are the links to those
> certificates:
>
> Thanks again to Nick for discovering this and pointing it out.
>
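
The reporting gap described in this message, as an added example that is not Symantec's query or code: a status query that lists only certificates still needing revocation omits ones that have since expired or been revoked, while a disclosure query must select on whether trust extended past the cutoff. All record fields, the TLD set, the report time and the sample certificates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

def d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)

CUTOFF = d(2016, 10, 1)        # "October 1"; year taken from the quoted 2016 dates
REPORT_TIME = d(2017, 1, 25)   # constructed: when the status query is run
KNOWN_TLDS = {"com", "net", "org"}  # constructed stand-in for an IANA-derived TLD list

@dataclass
class Cert:
    cert_id: str
    names: List[str]                      # CN plus SAN dNSName values
    not_after: datetime
    revoked_at: Optional[datetime] = None

def is_internal(name: str) -> bool:
    """No dot, or a suffix that is not a known TLD (IP-address SANs not handled)."""
    labels = name.rstrip(".").lower().split(".")
    return len(labels) < 2 or labels[-1] not in KNOWN_TLDS

def action_needed(certs, now):
    """Certificates that still need revoking: skips revoked and expired ones."""
    return [c.cert_id for c in certs
            if any(is_internal(n) for n in c.names)
            and c.revoked_at is None and c.not_after > now]

def to_disclose(certs):
    """Certificates trusted at any point after CUTOFF, whatever their status now."""
    out = []
    for c in certs:
        trusted_until = min(c.not_after, c.revoked_at) if c.revoked_at else c.not_after
        if trusted_until > CUTOFF and any(is_internal(n) for n in c.names):
            out.append(c.cert_id)
    return out

SAMPLE = [  # constructed records
    Cert("A", ["mail"], d(2017, 3, 1)),                       # still valid at report time
    Cert("B", ["server.corp"], d(2016, 11, 15)),              # expired before the report
    Cert("C", ["intranet", "www.example.com"], d(2017, 6, 1), d(2017, 1, 20)),  # revoked before the report
    Cert("D", ["fileserver"], d(2017, 6, 1), d(2016, 9, 20)),  # revoked before the cutoff
    Cert("E", ["www.example.com"], d(2017, 6, 1)),            # public name only
]

if __name__ == "__main__":
    print("action needed:", action_needed(SAMPLE, REPORT_TIME))
    print("to disclose:  ", to_disclose(SAMPLE))
```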