July 31, 2024 at 10:28AM
DigiCert will revoke SSL/TLS certificates due to an oversight in domain verification. The issue occurred when a random value was not prefixed with an underscore character, leading to improper domain control validation. Approximately 0.4% of certificates are affected, prompting impacted customers to replace their certificates. The incident may cause temporary disruptions, as warned by CISA.
Key takeaways:
– Certification authority DigiCert is revoking a subset of SSL/TLS certificates due to an oversight in domain control validation (DCV).
– The oversight was the omission of the underscore prefix on random values in CNAME-based validation cases, impacting approximately 0.4% of domain validations.
– Customers are advised to replace their certificates promptly by following the reissuance process, as per DigiCert’s recommendations.
– The revocation of certificates may lead to temporary disruptions to websites, services, and applications, as highlighted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its published alert.