Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DigiCert to Revoke SSL/TLS Certificates

July 31, 2024
Reading Time: 3 mins read
in Alerts
DigiCert to Revoke SSL/TLS Certificates

DigiCert, a leading certificate authority, has announced a major security issue affecting thousands of SSL/TLS certificates due to a Domain Control Verification error. The problem was identified when it was discovered that DigiCert’s DNS-based verification process had a flaw: it failed to include an underscore prefix in CNAME records used for domain validation. This minor oversight has significant implications, impacting approximately 0.4% of domain validations conducted by the company. The error violates the CA/Browser Forum’s (CABF) Baseline Requirements, which mandate that such records must include an underscore in certain situations to prevent domain name collisions.

The CABF requirements are stringent, designed to ensure that domain validation is carried out properly and securely. By not adhering to these rules, DigiCert’s certificates were deemed non-compliant, prompting the need for immediate action. According to CABF regulations, any certificate found to be non-compliant must be revoked within 24 hours of discovery. This rule is in place to prevent potential security vulnerabilities and to maintain the integrity of the certification process. As a result, DigiCert has been forced to revoke all affected certificates within this tight timeframe.

DigiCert has moved quickly to address the issue, notifying all impacted customers and providing them with urgent instructions. Customers are advised to log into their DigiCert CertCentral accounts to identify and reissue or rekey their affected certificates. They must complete any additional required validation steps and install the new SSL/TLS certificates promptly. DigiCert has emphasized the critical nature of this action, as failure to replace the compromised certificates could result in disruptions to website security and operations.

The root cause of the problem has been traced back to changes made in DigiCert’s domain validation systems in August 2019. These changes, part of a modernization effort, inadvertently removed a crucial validation step, which went undetected due to limitations in the company’s regression testing procedures. DigiCert has apologized for any inconvenience caused and is committed to assisting its customers throughout the remediation process. The company is also reviewing its validation processes to prevent similar issues in the future and to enhance overall security measures.

Reference:

  • DigiCert to Revoke SSL/TLS Certificates Due to Domain Verification Error
Tags: authorityCyber AlertsCyber Alerts 2024Cyber RiskCyber threatsDigiCertDNSJuly 2024
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial