DigiCert to Revoke Thousands of Certificates Following Domain Validation Error

DigiCert, a leading digital certificate provider, has announced the revocation of thousands of certificates due to a domain validation error.

This decision follows the discovery of a critical issue in their Domain Control Validation (DCV) process, which has affected approximately 0.4% of their issued certificates.

The company is taking swift action to comply with the CA/Browser Forum (CABF) rules, which mandate the revocation of non-compliant certificates within 24 hours.

The Issue: Missing Underscore Prefix

The problem arose from an omission in the DCV process: Some DNS CNAME records did not include the required underscore prefix.

This prefix is crucial to ensure that the random value used for validation does not collide with actual domain names.

DigiCert’s recent modernization of its validation systems inadvertently led to this oversight. The legacy system automatically added the underscore, but the new architecture failed to do so in certain scenarios.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

CABF Baseline Requirements, any non-compliance in domain validation necessitates immediate revocation of the affected certificates. DigiCert has acknowledged this lapse and is working diligently to rectify the situation.

Impacted customers have been notified and are required to replace their certificates within 24 hours. DigiCert has provided detailed instructions for reissuing certificates through their CertCentral account.

Customers must log in, identify the impacted certificates, generate a new Certificate Signing Request (CSR), and complete any additional validation steps.

Specific instructions are available to automate the replacement process for those using a certificate management solution like Trust Lifecycle Manager.

DigiCert has assured customers that their support team is ready to assist with any questions or issues related to the issuance process. Customers can contact their account manager or reach out to DigiCert Support directly.

Preventive Measures and Future Actions

In response to this incident, DigiCert has outlined several preventive measures to avoid similar issues in the future. These include:

  • Consolidation and review of all random value generators across DCV.
  • Simplification of the user experience to eliminate the need for customers to know specific random value formats.
  • Embedding compliance team members in all Certificate Authority (CA) and Registration Authority (RA) sprint teams.
  • Increasing test coverage with compliance-based automated test cases.
  • Open-sourcing DCV for community review.

DigiCert is committed to maintaining the highest standards of security and compliance. The company has taken immediate steps to address the issue and prevent its recurrence, ensuring its digital certificates’ continued trust and reliability.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

4 hours ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

4 hours ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

5 hours ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

5 hours ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

8 hours ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

9 hours ago