Trustico revokes SSL certificates due to stored private keys

According to a post by Jeremy Rowley, an official at DigiCert, on the Mozilla Developers security mailing list, Trustico had asked on 2 February for a mass revocation of all certificates that been ordered through the company by end users. His post was titled "How do you handle mass revocation requests?"

Revoked websites will display an error like this from tonight until the certificate is replaced. pic.twitter.com/ZHfX6jPaok

— Kevin Beaumont (@GossiTheDog) 28 February 2018

Trustico later told DigiCert that it was holding the private keys which would mean that the certificates were thus compromised. 

Rowley said that on 27 February, DigiCert had received a file with 23,000 private keys matched to specific Trustico customers.

{loadposition sam08}"At this time, Trustico has not provided any information about how these certificates were compromised or how they acquired the private keys. As is standard practice for a Certificate Authority, DigiCert never had possession of these private keys," he said.

Hey I think I found where those #trustico private keys were securely kept! pic.twitter.com/Ykzf0dqaDU

— Cryptoki (@Cryptoki) 28 February 2018

In a response to Rowley's post, Zane Lucas, general manager at Trustico, said: "We didn't authorise DigiCert to contact our customers and we didn't approve the content of their e-mail. At no time had any private keys been compromised, nor had we ever informed to you that any private keys had been compromised.

"During our many discussions over the past week we put it to you that we believe Symantec to have operated our account in a manner whereby it had been compromised. Your usage of the word compromise has been twisted by you to your benefit and is absolutely defamatory."

In a statement issued at about 6.08am AEDT, DigiCert said: “Trustico requested revocation of their Symantec, GeoTrust, Thawte and RapidSSL certificates, claiming the certificates were compromised. 

"When we asked for proof of the 'compromise', Trustico did not provide details on why they were requesting the immediate revocation. Trustico’s CEO indicated that Trustico held the private keys for those certificates, and then emailed us approximately 20,000 certificate private keys.

"When he sent us those keys, his action gave us no choice but to act in accordance with the CA/Browser Forum Baseline Requirements, which mandate that we revoke a compromised certificate within 24 hours. 

"As a CA, we had no choice but to follow the Baseline Requirements. Following our standard revocation process, we gave notice via email to each certificate holder whose private keys had been exposed to us by Trustico, so they could have time to get a replacement certificate.

"In communications today, Trustico has suggested that this revocation is due to the upcoming Google Chrome distrust of Symantec roots. That is incorrect. We want to make it clear that the certificates needed to be revoked because Trustico sent us the private keys; this has nothing to do with future potential distrust dates.

"The upcoming Chrome distrust situation is entirely separate. We are working closely to help customers with certificates affected by the browser distrust, and we are offering free replacement certificates through their existing customer portals. That process is well underway."

With the private key, the CA can absolutely impersonate you. I mean, any CA compromise is bad, but Trustico's behavior makes this an absolute worst case. It's clear that they don't understand how CA's really work either. Ugh. I'm not a customer and don't recommend. 2/2

— Jake Williams (@MalwareJake) 28 February 2018

The revocation of the certificates by Trustico appears to be related to its decision to stop dealing with DigiCert. Earlier this month, Trustico stopped using certificates from Symantec.

In the words of Jake Williams, the chief executive of Rendition Infosec and a former hacker with the NSA's elite Tailored Access Operations unit, "Trustico was storing private keys for its customers (something it never should have had, let alone stored,). That's not how CAs are supposed to work. This is insane."

They list many very big customers on their website, and 23k certs is a lot of websites, so fundamentally it raises very big questions about the certificate chain. This never should have been possible.

— Kevin Beaumont (@GossiTheDog) 28 February 2018

Another security expert, Briton Kevin Beaumont, said Trustico had emailed 23,000 private keys to certificates "which means the certificates were fundamentally broken - i.e. if you have (the) private key you can decrypt traffic, which the certs were supposed to protect".

The possession of a private key would mean that it is possible to do man-in-the-middle interception, according to Beaumont.

According to one poster, haz31, on the Whirlpool broadband forums, "So seems.... they maybe kept a copy of peoples private keys (never mind how they got them for processing CSRs... maybe they did a silent private key swap).

"They sent them via email to get their certifs from old reseller revoked. This isn't going to be nice for some people to wake up to."

The representative of a Melbourne data centre and hosting service, Micron21, who posted under the name James B on the Whirlpool forums, wrote: "(The) latest news is Trustico have stopped using DigiCert for legal reasons, Trustico new wholesale provider is Comodo (as of a few minutes ago)."

His post was made on 28 February at 8.49pm AEDT.

"Comodo are providing free replacement certificates for any DigiCert certificates for anyone affected, however they won't provide promo code for the free certificates until tomorrow .... so not sure how it will work yet when everything is due to expire in a few hours....," he added.

Re TrustIco - 10 CSRs have been posted now which correctly correlate with Certificate Transparency logs - so the private keys are indeed compromised. https://t.co/VQFXu5Dnr4 pic.twitter.com/8QXTc3cRGw

— Kevin Beaumont (@GossiTheDog) 28 February 2018