Incident Report - Entrust Datacard issued certificates with the incorrect Organization Name

Skip to first unread message


Mar 15, 2019, 4:58:52 PM3/15/19
On March 7, 2019, Entrust Datacard discovered that SSL certificates with the wrong Organization value were issued to a customer. The investigation was completed 15 March 2019.

Details of the incident report can be found here,

All certificates will be revoked by 20 March 2019.

Thanks, Bruce.

Tim Hollebeek

Mar 15, 2019, 5:22:16 PM3/15/19
to Bruce,
What is the rationale for waiting until March 20th for revocation given that
the issue was noticed on March 7th?

> _______________________________________________
> dev-security-policy mailing list

Ryan Sleevi

Mar 15, 2019, 5:27:36 PM3/15/19
to Bruce,
To echo Tim's remarks, this is really two issues:

1) A failure of controls (the current incident report)
2) A failure to revoke

I'm rather concerned about #2 and the lack of detail presently provided
regarding it, as well as the one week wait to filing the incident report
for #1.
Reply all
Reply to author
0 new messages