Saturday, September 7, 2024
Homecyber securityDigiCert to Revoke Thousands of Certificates Following Domain Validation Error

DigiCert to Revoke Thousands of Certificates Following Domain Validation Error

Published on

DigiCert, a leading digital certificate provider, has announced the revocation of thousands of certificates due to a domain validation error.

This decision follows the discovery of a critical issue in their Domain Control Validation (DCV) process, which has affected approximately 0.4% of their issued certificates.

The company is taking swift action to comply with the CA/Browser Forum (CABF) rules, which mandate the revocation of non-compliant certificates within 24 hours.

- Advertisement - EHA

The Issue: Missing Underscore Prefix

The problem arose from an omission in the DCV process: Some DNS CNAME records did not include the required underscore prefix.

This prefix is crucial to ensure that the random value used for validation does not collide with actual domain names.

DigiCert’s recent modernization of its validation systems inadvertently led to this oversight. The legacy system automatically added the underscore, but the new architecture failed to do so in certain scenarios.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

CABF Baseline Requirements, any non-compliance in domain validation necessitates immediate revocation of the affected certificates. DigiCert has acknowledged this lapse and is working diligently to rectify the situation.

Impacted customers have been notified and are required to replace their certificates within 24 hours. DigiCert has provided detailed instructions for reissuing certificates through their CertCentral account.

Customers must log in, identify the impacted certificates, generate a new Certificate Signing Request (CSR), and complete any additional validation steps.

Specific instructions are available to automate the replacement process for those using a certificate management solution like Trust Lifecycle Manager.

DigiCert has assured customers that their support team is ready to assist with any questions or issues related to the issuance process. Customers can contact their account manager or reach out to DigiCert Support directly.

Preventive Measures and Future Actions

In response to this incident, DigiCert has outlined several preventive measures to avoid similar issues in the future. These include:

  • Consolidation and review of all random value generators across DCV.
  • Simplification of the user experience to eliminate the need for customers to know specific random value formats.
  • Embedding compliance team members in all Certificate Authority (CA) and Registration Authority (RA) sprint teams.
  • Increasing test coverage with compliance-based automated test cases.
  • Open-sourcing DCV for community review.

DigiCert is committed to maintaining the highest standards of security and compliance. The company has taken immediate steps to address the issue and prevent its recurrence, ensuring its digital certificates’ continued trust and reliability.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...