All Sectigo Public Certificates Meet 64-Bit Serial Number Requirements
Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines. News reports indicate that several certificate issuers are affected. We would like to clarify that NO active public certificates from Sectigo are subject to this flaw.
Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines. News reports indicate that several certificate issuers are affected.
We would like to clarify that NO active public certificates from Sectigo are subject to this flaw. You can continue using your certificates under the Sectigo, Comodo, InstantSSL, PositiveSSL, and EnterpriseSSL brands with no change or reissuance required.