TurkTrust re-emphasises that there was not a security breach

Microsoft to revoke certificates with fewer than 1024 bits
Microsoft to revoke certificates with fewer than 1024 bits

Turkish certificate authority (CA) TurkTrust has denied that there was any attack, "malevolence, fraud or any other crime factor" on it resulting in the issuing of fraudulent certificates.

In an updated statement from its website, TurkTrust said that since the incident was announced last week, "a lot of national and international people and organisations including press companies admired the way the case was treated and further supported and contributed for a correct understanding of the case".

However it said that there had been incorrect reporting and discussion on the incident and it will continue to manage the case openly and transparently with a responsibility not only to the Turkish public, but also to all internet users.

“Our company keeps on working with the target of being a reputable Turkish company that develops technology in world standards and produces value added services,” it said.

In a previous statement, TurkTrust said: “As of now, it is certain that there is no security breach on TurkTrust systems. There is also not a bit of evidence that the certificate was used maliciously.”

The problems began when two faulty SSL certificates were issued in August 2011 during a software migration. These were detected in late December, leading to browser vendors Microsoft, Mozilla and Google revoking trust in those certificates. TurkTrust revoked the certificate once it was made available of its status.

It said: “This seems to be a very plausible scenario explaining how the faulty certificate was being generated. This and all other available data strongly suggests that google.com cert was not issued for dishonest purposes or has not been used for such a purpose.”

Sign up to our newsletters