By John Ribeiro, IDG News
PCWorld
Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA) , after it was found that it had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information.
The Malaysian company was issued an intermediate CA certificate in July, 2010 by Entrust in Dallas, Texas, which was licensed for distribution with SSL (Secure Sockets Layer) and S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates.
Entrust said in a bulletin on its website that it had been discovered that Digicert Malaysia has issued certificates with weak 512-bit RSA keys and missing certificate extensions. Entrust has revoked the 512-bit certificates issued by Digicert and made them available to major browser vendors to blacklist if found appropriate, it added.
Digicert in Malaysia does not have any relationship with DigiCert, a CA based in Utah.
Continue reading “Mozilla, Microsoft Withdraw Trust in Malaysian Intermediate CA”