DigiCert QuoVadis


Incorrect OCSP Delegated Responder Certificate
10 Jul 2020

Incorrect OCSP Delegated Responder Certificate

St. Gallen, Switzerland, July 09, 2020

Recently it was reported that due to a missing technical certificate entry, many globally operating CA’s (Certificate Authority) are theoretically able to provide valid OCSP responses for certificates they have not issued and do not control. This issue has been extensively commented on by security researchers who have concluded that whilst the risk is low, it requires remediation by Certificate Authororities/TSPs. Some DigiCert+QuoVadis CA’s are also affected from this.

Technical discussion regarding this issue can be found at: https://bugzilla.mozilla.org/show_bug.cgi?id=1649938#c3

DigiCert+QuoVadis will revoke its affected CA’s at the defined time and support customers so that valid and correct replacement certificates are made available free of charge in time.

Customers with an urgent need for revocations have already been informed and specific solutions have been implemented.

The date for other CA’s revocation or reissue of affected certificates has not yet been officially defined. As soon as the date has been fixed, DigiCert+QuoVadis will contact its affected customers individually and inform them about the exact further procedure.

Until then, your affected certificates will remain valid.

If you have any further questions, please contact our support team: support.ch@quovadisglobal.com