DigiCert, a leading digital certificate provider, has announced the revocation of thousands of certificates due to a domain validation error.
This decision follows the discovery of a critical issue in their Domain Control Validation (DCV) process, which has affected approximately 0.4% of their issued certificates.
The company is taking swift action to comply with the CA/Browser Forum (CABF) rules, which mandate the revocation of non-compliant certificates within 24 hours.
The problem arose from an omission in the DCV process: Some DNS CNAME records did not include the required underscore prefix.
This prefix is crucial to ensure that the random value used for validation does not collide with actual domain names.
DigiCert’s recent modernization of its validation systems inadvertently led to this oversight. The legacy system automatically added the underscore, but the new architecture failed to do so in certain scenarios.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
CABF Baseline Requirements, any non-compliance in domain validation necessitates immediate revocation of the affected certificates. DigiCert has acknowledged this lapse and is working diligently to rectify the situation.
Impacted customers have been notified and are required to replace their certificates within 24 hours. DigiCert has provided detailed instructions for reissuing certificates through their CertCentral account.
Customers must log in, identify the impacted certificates, generate a new Certificate Signing Request (CSR), and complete any additional validation steps.
Specific instructions are available to automate the replacement process for those using a certificate management solution like Trust Lifecycle Manager.
DigiCert has assured customers that their support team is ready to assist with any questions or issues related to the issuance process. Customers can contact their account manager or reach out to DigiCert Support directly.
In response to this incident, DigiCert has outlined several preventive measures to avoid similar issues in the future. These include:
DigiCert is committed to maintaining the highest standards of security and compliance. The company has taken immediate steps to address the issue and prevent its recurrence, ensuring its digital certificates’ continued trust and reliability.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…