Who:
Certificate Authority: DigiCert
Impacted Entities: 6,807 customers, including those in critical infrastructure
What:
Issue: DigiCert will revoke 83,267 SSL/TLS certificates within 24 hours due to improper Domain Control Validation (DCV).
Cause: Failure to include an underscore prefix in random values used for DNS CNAME-based domain validation.
Impact:
Affected Systems: Approximately 0.4% of domain validations, leading to potential disruptions for websites, services, and applications relying on these certificates for secure communication.
Customer Action: Notified customers must replace their certificates by signing into their DigiCert accounts, generating a Certificate Signing Request (CSR), and reissuing them after passing DCV.
Agency Alert: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about possible temporary disruptions.
Final Revocation: All impacted certificates were revoked by August 3, 2024, 7:30 p.m. UTC, with exceptions for critical infrastructure customers handled individually.
Read the full article HERE