Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DigiCert to Revoke SSL/TLS Certificates

July 31, 2024
Reading Time: 3 mins read
in Alerts
DigiCert to Revoke SSL/TLS Certificates

DigiCert, a leading certificate authority, has announced a major security issue affecting thousands of SSL/TLS certificates due to a Domain Control Verification error. The problem was identified when it was discovered that DigiCert’s DNS-based verification process had a flaw: it failed to include an underscore prefix in CNAME records used for domain validation. This minor oversight has significant implications, impacting approximately 0.4% of domain validations conducted by the company. The error violates the CA/Browser Forum’s (CABF) Baseline Requirements, which mandate that such records must include an underscore in certain situations to prevent domain name collisions.

The CABF requirements are stringent, designed to ensure that domain validation is carried out properly and securely. By not adhering to these rules, DigiCert’s certificates were deemed non-compliant, prompting the need for immediate action. According to CABF regulations, any certificate found to be non-compliant must be revoked within 24 hours of discovery. This rule is in place to prevent potential security vulnerabilities and to maintain the integrity of the certification process. As a result, DigiCert has been forced to revoke all affected certificates within this tight timeframe.

DigiCert has moved quickly to address the issue, notifying all impacted customers and providing them with urgent instructions. Customers are advised to log into their DigiCert CertCentral accounts to identify and reissue or rekey their affected certificates. They must complete any additional required validation steps and install the new SSL/TLS certificates promptly. DigiCert has emphasized the critical nature of this action, as failure to replace the compromised certificates could result in disruptions to website security and operations.

The root cause of the problem has been traced back to changes made in DigiCert’s domain validation systems in August 2019. These changes, part of a modernization effort, inadvertently removed a crucial validation step, which went undetected due to limitations in the company’s regression testing procedures. DigiCert has apologized for any inconvenience caused and is committed to assisting its customers throughout the remediation process. The company is also reviewing its validation processes to prevent similar issues in the future and to enhance overall security measures.

Reference:

  • DigiCert to Revoke SSL/TLS Certificates Due to Domain Verification Error
Tags: authorityCyber AlertsCyber Alerts 2024Cyber RiskCyber threatsDigiCertDNSJuly 2024
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial