Trustico wanted to do a mass revocation, was told by DigiCert that they can’t do that without there being a documented breach, so the CEO emailed the private keys to DigiCert, which by definition is a breach.
Because that’s the mature, professional response.
Then Trustico failed to notify DigiCert properly that there was a breach.
It’s a shitshow and it’s all Trustico’s fault from what I can tell.
Pretty much all of our stuff is DigiCert. Thankfully this won’t impact us, but I’m sure it’s going to play out beautifully.
Holy crap. Shit show doesn’t even begin to describe this.