Keywords:
A recent issue has been brought to Ebury's notice. The issue has affected some of the EV digital certificates issued by Entrust.
Summary:
Entrust discovered that some Extended Validation (EV) TLS certificates (EV Multi-Domain SSL, QWAC eIDAS, QWAC PSD2) were missing a specific component required by the EV Guidelines. This component links the certificate to the Certificate Policy (CP) and the Certification Practice Statement (CPS) of the issuer.
Entrust has taken steps to address the issue and prevent it from happening again. Any of the specified certificate types issued after 21:40 UTC today, Mar 18, 2024 are not affected.
Entrust is required to revoke affected certificates as soon as possible, which will occur on Saturday, March 23, 2024 at 21:00 UTC
ACTION REQUIRED:
The affected EV Certificates issued after September 11th, 17:40 UTC, 2023, to March 18th, 21:40 UTC, 2024, will need to be replaced by issuing a new certificate and revoking the old certificate(s) shortly thereafter.
TPP ‘s Qwac certificates may also be affected. TPPs should be contacted directly by Entrust.
You can also check, on your side, your certificates to see if there is any EV digital certificate and contact Entrust if a renewal is required.
This will speed up the renewal process and avoid any incidents in production.