Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DigiCert to Revoke SSL/TLS Certificates

July 31, 2024
Reading Time: 3 mins read
in Alerts
DigiCert to Revoke SSL/TLS Certificates

DigiCert, a leading certificate authority, has announced a major security issue affecting thousands of SSL/TLS certificates due to a Domain Control Verification error. The problem was identified when it was discovered that DigiCert’s DNS-based verification process had a flaw: it failed to include an underscore prefix in CNAME records used for domain validation. This minor oversight has significant implications, impacting approximately 0.4% of domain validations conducted by the company. The error violates the CA/Browser Forum’s (CABF) Baseline Requirements, which mandate that such records must include an underscore in certain situations to prevent domain name collisions.

The CABF requirements are stringent, designed to ensure that domain validation is carried out properly and securely. By not adhering to these rules, DigiCert’s certificates were deemed non-compliant, prompting the need for immediate action. According to CABF regulations, any certificate found to be non-compliant must be revoked within 24 hours of discovery. This rule is in place to prevent potential security vulnerabilities and to maintain the integrity of the certification process. As a result, DigiCert has been forced to revoke all affected certificates within this tight timeframe.

DigiCert has moved quickly to address the issue, notifying all impacted customers and providing them with urgent instructions. Customers are advised to log into their DigiCert CertCentral accounts to identify and reissue or rekey their affected certificates. They must complete any additional required validation steps and install the new SSL/TLS certificates promptly. DigiCert has emphasized the critical nature of this action, as failure to replace the compromised certificates could result in disruptions to website security and operations.

The root cause of the problem has been traced back to changes made in DigiCert’s domain validation systems in August 2019. These changes, part of a modernization effort, inadvertently removed a crucial validation step, which went undetected due to limitations in the company’s regression testing procedures. DigiCert has apologized for any inconvenience caused and is committed to assisting its customers throughout the remediation process. The company is also reviewing its validation processes to prevent similar issues in the future and to enhance overall security measures.

Reference:

  • DigiCert to Revoke SSL/TLS Certificates Due to Domain Verification Error
Tags: authorityCyber AlertsCyber Alerts 2024Cyber RiskCyber threatsDigiCertDNSJuly 2024
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial