Symantec's Response to Suspicious Issuance Claim

Alerts ID:    ALERT2193    Updated:    01/27/2017




On January 26, 2017, Symantec updated the CA and browser community about a partner’s misissuance of certificates. CrossCert, a WebTrust audited Registration Authority (RA) partner in Korea, overrode compliance failure flags and issued certificates in violation of Symantec policy and CA/B Forum Baseline Requirements. After becoming aware of this issue, Symantec immediately disabled all issuance privileges for CrossCert and revoked any valid and active certificates. Symantec has taken over validation and issuance for all pending and new orders submitted through CrossCert. Additionally, Symantec is reviewing its RA partners, controls and procedures. Our investigation remains on-going, a detailed Certificate Problem Report has been published.


Contact Support

Knowledge Center