View Issue Details

ID: 0001026
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2013-02-12 21:45
Reporter: INOPIAE
Assigned To: Uli60
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: needs work
Resolution: open
Summary: 0001026: Server Certificate was revoked but not by the user
Description: According to Ticket s20120322.119 a user reported that one of his server certificates with an expiration date of 2013-01-28 16:16:19 was revoked on 2012-03-20 01:21:35.
The user reports that he did not revoke the certificate himself.
Tags: No tags attached.
Reviewed by:
Test Instructions:

Relationships

related to 0000773 (closed, BenBE): No confirmation of revocation of server certificate
related to 0001025 (needs work, NEOatNHNG): Domain Dispute strange behaviour / Domain Dispute issue
related to 0000935 (new): Pending of client certificates with an email address contains a special character
related to 0000922 (closed, NEOatNHNG): CAcert application code problem causing missing "certificate about to expire" messages
related to 0000774 (new): No e-mail conformation when revoking org client certificate
related to 0000483 (closed, INOPIAE): Please send more verbose emails concerning certificate revocation
related to 0000429 (new): Multiple server certificate renewals deleted a certificate
related to 0000448 (closed, NEOatNHNG): when revoking a certificate, confusing info is given to the user
related to 0000893 (closed, INOPIAE): Extend Delete account feature for support

Activities

Uli60

2012-04-15 17:33

updater   ~0002929

This case was handled under Arbitration a20120324.1
https://wiki.cacert.org/Arbitrations/a20120324.1

Discovery process revealed no security leak.

User removed a domain with a link to a multiple-SAN (10 in total) server certificate.
On domain removal the system automatically triggers a revoke server certificates process that will revoke all affected server certs. In case of a multiple-SAN certificate this becomes unforeseeable as only the main CN will be visible in the server certs overview list.

It's now up to the Software team to find a solution: to advance the server certs overview to list all related domains that are affected by a domain removal, or to add a page in the delete domain process that lists all affected server certificates and requests a confirmation by the user who triggered the delete domain process:

delete domain
  x mydomain.tld
  process

=> This is the list of all affected server certificates that are affected by your delete domain request:
    x
    y
    z
Do you want to proceed with the delete domain process?

INOPIAE

2013-01-19 07:51

updater   ~0003707

In addition the multi-domain check needs to be implemented in the Dispute Domain routine.
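As an added illustration of the check Uli60 describes above and INOPIAE asks to extend to the Dispute Domain routine (example code, not CAcert's own): a CN-only view misses certificates that carry the removed domain only as a SAN, so the affected list must be built from every SAN and the removal gated on the user's confirmation. The certificate records, host names and the rule that subdomains count as affected are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ServerCert:
    cert_id: str
    cn: str
    sans: tuple  # every dNSName in the certificate, CN included


# Constructed sample data: c2 is the 10-SAN certificate whose CN is not the
# removed domain, so it is invisible in a CN-only overview list.
CERTS = (
    ServerCert("c1", "www.example.org", ("www.example.org", "example.org")),
    ServerCert("c2", "mail.other.test",
               ("mail.other.test",) + tuple(f"host{i}.mydomain.tld" for i in range(1, 10))),
    ServerCert("c3", "mydomain.tld", ("mydomain.tld",)),
)


def covered_by(name: str, domain: str) -> bool:
    # Assumption: removing a domain also affects certificates for its subdomains.
    return name == domain or name.endswith("." + domain)


def affected_by_cn_only(certs, domain):
    """What the overview list shows today: only the CN is inspected."""
    return [c.cert_id for c in certs if covered_by(c.cn, domain)]


def affected_by_san(certs, domain):
    """The multi-domain check: inspect every SAN, not just the CN."""
    return [c.cert_id for c in certs if any(covered_by(s, domain) for s in c.sans)]


def remove_domain(certs, domain, confirmed: bool, action: str = "delete"):
    """Shared gate for the delete-domain and dispute-domain routines: refuse to
    proceed until the user has confirmed the full list of certificates that
    the removal would revoke."""
    affected = affected_by_san(certs, domain)
    if affected and not confirmed:
        return {"action": action, "status": "confirmation_required", "affected": affected}
    return {"action": action, "status": "completed", "revoked": affected}
```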

Issue History

Date Modified Username Field Change
2012-03-24 07:50 INOPIAE New Issue
2012-04-15 17:33 Uli60 Note Added: 0002929
2012-04-15 17:33 Uli60 Assigned To => Uli60
2012-04-15 17:33 Uli60 Status new => needs feedback
2012-12-22 20:31 Werner Dworak Relationship added related to 0000773
2012-12-22 20:33 Werner Dworak Relationship added related to 0001025
2012-12-22 20:43 Werner Dworak Relationship added related to 0000935
2012-12-22 20:46 Werner Dworak Relationship added related to 0000922
2012-12-22 20:49 Werner Dworak Relationship added related to 0000774
2012-12-22 20:52 Werner Dworak Relationship added related to 0000483
2012-12-22 20:53 Werner Dworak Relationship added related to 0000429
2012-12-22 20:54 Werner Dworak Relationship added related to 0000448
2013-01-19 07:51 INOPIAE Note Added: 0003707
2013-01-19 07:51 INOPIAE Status needs feedback => needs work
2013-02-12 21:45 Uli60 Relationship added related to 0000893