DigiCert revokes SSL/TLS certificates due to domain validation failure

Updated on 29/07/2024

29/07/2024

DigiCert, a digital security company issuing SSL/TLS certificates and acting as a Certificate Authority (CA), has issued a statement to inform about the mass revocation of certificates lacking proper Domain Control Verification (DCV).

The company detected a bug generated during a system update in August 2019, when an underscore character, as a prefix, was not included with the random value used in some CNAME-based validation cases.

This bug has affected approximately 0.4% of the applicable domain validations that DigiCert has in force, according to the company itself, which has set 3 August as the deadline for those affected to replace their certificates.

References

29/07/2024

digicert.com

DigiCert Revocation Incident (CNAME-Based Domain Validation)
30/07/2024

status.digicert.com

DigiCert Revocation Incident - Incident Report for DigiCert
30/07/2024

cisa.gov

DigiCert Certificate Revocations
30/07/2024

bleepingcomputer.com

DigiCert mass-revoking TLS certificates due to domain validation bug
31/07/2024

theregister.com

DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder

Etiquetas