Changes

From March 22-26, 2024, Entrust issued 6,008 OV TLS certificates under a CPS requirement related to the policyQualifier in the OV certificate profile. The error was corrected in a subsequent CPS. (The certificates were compliant with the CA/B Forum’s TLS BRs and Entrust's OV profile.) Root-cause factors included generic naming of certificate profiles and concurrent updates to the CPS during incidents requiring rapid certificate replacement and revocation. Remediation actions included errata to the affected CPS, informing subscribers of CPS error, reviewing CPS update procedure, and renaming certificate profile for clarity. (Community members questioned Entrust’s decision to not revoke the certificates, and Entrust responded regarding its position on such matters--Entrust maintains that the certificates were compliant issue was addressed by adding an erratum in the CPS and informing its subscribers and that it can handle mass revocation and reissuance.)