DigiCert to Revoke Thousands of Certificates Following Domain Validation Error

DigiCert, a leading digital certificate provider, has announced the revocation of thousands of certificates due to a domain validation error.

This decision follows the discovery of a critical issue in their Domain Control Validation (DCV) process, which has affected approximately 0.4% of their issued certificates.

The company is taking swift action to comply with the CA/Browser Forum (CABF) rules, which mandate the revocation of non-compliant certificates within 24 hours.

The Issue: Missing Underscore Prefix

The problem arose from an omission in the DCV process: Some DNS CNAME records did not include the required underscore prefix.

This prefix is crucial to ensure that the random value used for validation does not collide with actual domain names.

DigiCert’s recent modernization of its validation systems inadvertently led to this oversight. The legacy system automatically added the underscore, but the new architecture failed to do so in certain scenarios.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

CABF Baseline Requirements, any non-compliance in domain validation necessitates immediate revocation of the affected certificates. DigiCert has acknowledged this lapse and is working diligently to rectify the situation.

Impacted customers have been notified and are required to replace their certificates within 24 hours. DigiCert has provided detailed instructions for reissuing certificates through their CertCentral account.

Customers must log in, identify the impacted certificates, generate a new Certificate Signing Request (CSR), and complete any additional validation steps.

Specific instructions are available to automate the replacement process for those using a certificate management solution like Trust Lifecycle Manager.

DigiCert has assured customers that their support team is ready to assist with any questions or issues related to the issuance process. Customers can contact their account manager or reach out to DigiCert Support directly.

Preventive Measures and Future Actions

In response to this incident, DigiCert has outlined several preventive measures to avoid similar issues in the future. These include:

  • Consolidation and review of all random value generators across DCV.
  • Simplification of the user experience to eliminate the need for customers to know specific random value formats.
  • Embedding compliance team members in all Certificate Authority (CA) and Registration Authority (RA) sprint teams.
  • Increasing test coverage with compliance-based automated test cases.
  • Open-sourcing DCV for community review.

DigiCert is committed to maintaining the highest standards of security and compliance. The company has taken immediate steps to address the issue and prevent its recurrence, ensuring its digital certificates’ continued trust and reliability.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials

A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked…

3 minutes ago

Ransomware Attacks on Food & Agriculture Industry Surge 100% – 84 Attacks in Just 3 Months

The food and agriculture industry is facing an unprecedented wave of cybersecurity threats in 2025,…

13 minutes ago

Microsoft 365 Copilot and Office Apps Now Protected by SafeLinks at Click Time

Microsoft announced a major update aimed at bolstering the cybersecurity of its flagship AI-powered productivity…

18 minutes ago

Hackers Targeting Schools and Universities in New Mexico with Cyber Attacks

A major cyberattack on the Coweta County School System's computer network occurred late Friday night, which is a worrying development for New Mexico's educational institutions. The unauthorized intrusion, detected around 7:00 p.m., prompted immediate action from the school…

19 minutes ago

Initial Access Brokers Play a Vital Role in Modern Ransomware Attacks

The ransomware threat landscape has evolved dramatically in recent years, with specialized cybercriminals like Initial…

26 minutes ago

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising an…

38 minutes ago