[cabfpub] Case Explanation by TURKTRUST

mert.ozarar mert.ozarar at turktrust.com.tr
Fri Jan 4 08:30:30 MST 2013


   
Dear All, 

As an Electronic Certificate Service Provider (ECSP),
TURKTRUST has been providing SSL certificate services since the year
2005. After having international audits for "ETSI TS 102 042 Management
System for Certification Authorities Standard", TURKTRUST was granted
the British Standards Institution (BSI) compliance certificate for this
standard on December 20, 2011. The ETSI compliance certificate is
attached for more information.

During August 2011, there had been an
unfortunate instance of having two SSL certificates issued mistakenly as
intermediate CA certificates to organizations that should have instead
received regular SSL certificates. As a matter of fact, TURKTRUST uses
no intermediate CAs for SSL certificate issuance. End-user SSL
certificates are only issued centrally by related TURKTRUST SSL sub-root
certificates upon requests from end-user clients. As soon as the case
was brought to TURKTRUST's attention almost a week ago, an immediate
thorough investigation has been started to identify the root cause. It
turned out that it was solely a faulty data migration operation,
occurred during the course of a system upgrade before the successful
ETSI TS 102 042 audit that took place in November, 2011. The cause was
certainly not associated with any security breaches, attacks or
hacking.

A detailed explanation of the root cause, the OCSP and CRL
requests analysis and the immediate preemptive actions have been openly
communicated with the browser representatives in the last few days. The
system, databases and logs have also gone through an exhaustive analysis
to find out if any other anomaly occurred during the period under
consideration. The data revealed no anomaly at all, the instance was
unique and restricted only to those two certificates.

Since the first
ETSI TS 102 042 audit of November 2011, TURKTRUST certification services
and systems have improved significantly, and a continuous assessment
audit recently took place successfully. Hence, TURKTRUST is determined,
as it has always been, to continue supplying customers more developed
and continuously improving certification services.

Best Regards,

Mert
Ozarar 
TURKTRUST Inc. 

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130104/06545616/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: TURKTRUST - BSI Certificate ETS 019 - ETSI TS 102 042 - SSL NCP & EV-CP (20.12.2011)(1).pdf
Type: application/pdf
Size: 533174 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130104/06545616/attachment-0001.pdf 


More information about the Public mailing list