DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
2024-07-31 14:13

Certificate authority DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight in how it verified that a digital certificate is issued to the rightful owner of a domain.

The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation.

"Before issuing a certificate to a customer, DigiCert validates the customer's control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum," it said.

One of the ways this is done hinges on the customer setting up a DNS CNAME record containing a random value provided to them by DigiCert, which then performs a DNS lookup for the domain in question to make sure that the random values are the same.

What the Utah-based company found was that it had failed to include the underscore prefix with the random value used in some CNAME-based validation cases.
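The comparison described above, as an added example (not DigiCert's code): it checks a constructed in-memory zone and accepts a CNAME-based validation record only when the random value appears as an underscore-prefixed label. The record layout and the names `check_cname_dcv`, `ZONE` and `dcv.ca.example` are assumptions made for illustration.

```python
import hmac

# Constructed sample zone (owner name -> CNAME target); layout is an assumption.
ZONE = {
    "_k3f9q2x7m1b8v5t0.example.com.": "dcv.ca.example.",  # underscore-prefixed
    "k3f9q2x7m1b8v5t0.example.org": "DCV.CA.EXAMPLE",     # same value, no underscore
    "_k3f9q2x7m1b8v5t0.example.net": "elsewhere.example", # points somewhere else
}


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def check_cname_dcv(zone, domain, random_value, ca_target):
    """Return (ok, reason) for one CNAME-based domain control check."""
    domain, ca_target = _norm(domain), _norm(ca_target)
    expected = "_" + random_value.lower()
    records = {_norm(k): _norm(v) for k, v in zone.items()}
    for owner, target in records.items():
        label, _, parent = owner.partition(".")
        if parent != domain:
            continue
        # Strict match: the label must be "_" followed by the random value.
        if hmac.compare_digest(label.encode(), expected.encode()):
            if target == ca_target:
                return True, "validated"
            return False, "wrong CNAME target"
        # The random value is present but without the underscore: reject.
        if hmac.compare_digest(label.encode(), expected[1:].encode()):
            return False, "random value lacks underscore prefix"
    return False, "no validation record found"


if __name__ == "__main__":
    rv = "k3f9q2x7m1b8v5t0"  # constructed random value
    for d in ("example.com", "example.org", "example.net", "example.edu"):
        print(d, check_cname_dcv(ZONE, d, rv, "dcv.ca.example"))
```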

Notified customers are advised to replace their certificates as soon as possible by signing into their DigiCert accounts, generating a Certificate Signing Request, and reissuing them after passing DCV. The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency to publish an alert, stating that "Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication."


News URL

https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html