DigiCert, a leading provider of digital certificates, recently encountered an issue with certain certificates not being compliant with the CA/Browser Forum (CABF) rules. The CABF mandates that a specific format of the DNS CNAME entry include a random value prefixed with an underscore. Due to this oversight, DigiCert identified that some certificates needed to be revoked within 24 hours as per CABF regulations.
In response to this situation, DigiCert notified its customers through an update on its status page and sent out emails explaining the issue. The company acknowledged that some customers, particularly those operating critical infrastructure, might face challenges in reissuing and deploying new certificates promptly without causing disruptions to their services. To address these concerns, DigiCert initiated discussions with browser representatives and impacted customers to explore potential solutions.
After deliberations with relevant stakeholders, DigiCert announced that it would exercise flexibility in enforcing the 24-hour revocation requirement for certificates under exceptional circumstances. This decision came after considering the potential impact on critical services and striving to minimize any disruptions. The company emphasized the importance of maintaining the security and stability of digital certificates while also ensuring the continuity of essential operations for customers.
Following these developments, DigiCert continued to engage with affected customers to facilitate the replacement of non-compliant certificates. Many customers successfully reissued their certificates within the prescribed timeframe, while others applied for delayed revocations due to exceptional circumstances. DigiCert assured customers that it was actively working with them to address individual situations and find suitable resolutions.
As part of its ongoing efforts to resolve the issue, DigiCert informed customers that it had stopped accepting applications for delayed revocation. The company remained committed to supporting customers through this process and ensuring compliance with industry standards. DigiCert’s proactive approach to managing the situation demonstrated its dedication to customer service and upholding the integrity of digital certificate issuance.
In conclusion, DigiCert’s response to the non-compliant certificates issue underscored the importance of collaboration between certificate authorities, browser representatives, and customers to address challenges effectively. By prioritizing the security and operational needs of customers, DigiCert navigated the situation with a focus on minimizing disruptions and facilitating timely resolutions. The incident highlighted the complexities involved in managing digital certificates and the critical role that proactive communication and cooperation play in ensuring the continued trust and reliability of online services.