IdenTrust mis-issuance of an EV SSL Certificate

[IdenTrust Inc]

Today 4/28/2020 we issued an internal end-entity EV SSL certificate that was immediately caught and revoked prior to deployment as we noted certain details in the Subject that were not accurate.
A formal incident report will follow while we investigate, document the details, and undertake corrective actions.
This the certificate: https://crt.sh/?id=2740887794

[IdenTrust Inc]

This issue has been corrected and a temporary solution to avoid recurrence was implemented on the same day it was encountered; we are still in the process of formulating permanent corrective measures and solution to share with the community via the expected formal Incident Report.

[Ryan Sleevi]

Thanks. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1635279
so you can fill in with the fuller set of details requested from
https://wiki.mozilla.org/CA/Responding_To_An_Incident

On Fri, May 1, 2020 at 4:50 PM IdenTrust Inc via dev-security-policy
<dev-secur...@lists.mozilla.org> wrote:
>
> This issue has been corrected and a temporary solution to avoid recurrence was implemented on the same day it was encountered; we are still in the process of formulating permanent corrective measures and solution to share with the community via the expected formal Incident Report.
>

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy