Troubleshooting GlobalSign Issue Oct 2016
Following the issue with GlobalSign (Oct 2016):
“GlobalSign manages several root certificates and for compatibility and browser ubiquity reasons provides several cross-certificates between those roots to maximize the effectiveness across a variety of platforms. As part of a planned exercise to remove some of those links, a cross-certificate linking two roots together was revoked. CRL responses had been operational for 1 week, however an unexpected consequence of providing OCSP responses became apparent this morning, in that some browsers incorrectly inferred that the cross-signed root had revoked intermediates, which was not the case.”
GlobalSign have publish a Report detailing the incident
To get more information about this incident, please read our blog