A threat intel site flagged one of DigiCert’s OCSP and CRL IP addresses.
During the standard certificate verification process, systems use OCSP and CRL checks to determine whether a certificate is valid. Occasionally, malware attempts to validate a certificate, and the resulting connection leads to the OCSP or CRL IP address being incorrectly labeled as malicious. These reports are false positives; the OCSP and CRL IP addresses are not malicious.
The code-signing process applies a digital signature to a software binary or file. This digital signature validates the identity of the software author or publisher and verifies that the file has not been altered or tampered with since it was signed. Regrettably, there are instances where legitimate code-signing certificates are stolen or misused to sign malicious software. This does not mean that the OCSP and CRL IP addresses are compromised; instead, they have been flagged incorrectly as "part of the malware."
Our OCSP or CRL IP addresses should be added to your Allow List, as mentioned in our knowledge base article, New Dedicated IP Addresses. If you need to report a compromised certificate, please follow the steps listed on our site, Report Certificate Problems.
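When triaging such a flag, it helps to look at what was actually exchanged with the flagged IP address. The following is an added example, not DigiCert code: it classifies constructed proxy log lines by the standard OCSP and CRL media types (RFC 6960, RFC 5280). The log format, host names and IP addresses are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed proxy log lines (not real data). Assumed field order:
# dst_ip method url request_content_type response_content_type
SAMPLE_LOG = """\
192.0.2.10 POST http://ocsp.example-ca.test/ application/ocsp-request application/ocsp-response
192.0.2.10 GET http://ocsp.example-ca.test/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBQ - application/ocsp-response
192.0.2.10 GET http://crl.example-ca.test/ExampleCodeSigningCA.crl - application/pkix-crl
198.51.100.7 POST http://updates.example.test/gate.php application/octet-stream text/html
"""

def classify(method, url, req_type, resp_type):
    """Label one HTTP transaction as 'ocsp', 'crl' or 'other'."""
    path = urlsplit(url).path.lower()
    # RFC 6960 Appendix A: OCSP over HTTP uses these media types.
    if resp_type == "application/ocsp-response" and (
        (method == "POST" and req_type == "application/ocsp-request")
        or method == "GET"
    ):
        return "ocsp"
    # RFC 5280: CRLs are served as application/pkix-crl, usually as *.crl.
    if method == "GET" and resp_type == "application/pkix-crl" and path.endswith(".crl"):
        return "crl"
    return "other"

def triage(log_text, flagged_ip):
    """Summarise what was actually exchanged with a flagged IP."""
    kinds = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != flagged_ip:
            continue  # malformed line or a different destination
        kinds[classify(*fields[1:])] += 1
    if not kinds:
        verdict = "no-traffic"
    elif kinds["other"] == 0:
        verdict = "revocation-check-only"
    else:
        verdict = "needs-review"
    return verdict, dict(kinds)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, *triage(SAMPLE_LOG, ip))
```

A "revocation-check-only" verdict describes the traffic to that IP address, not the file that generated it: a binary signed with a stolen certificate produces the same requests, so the sample itself still needs its own analysis.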