The DigiCert Sdn Bhd intermediate certificate authority was revoked by the root CA that had cross-signed it, Entrust Inc, after Entrust found that the subordinate had issued certificates with weak keys in violation of its IT security policies. Thanks to the comment from Travis Tidball, I would like to clarify that DigiCert Sdn Bhd (Malaysia) is not affiliated with DigiCert Inc (USA), so that I do not mislead you into thinking that DigiCert Inc is also affected.
According to Entrust Inc, 22 certificates with weak keys were issued, although there was no indication that they were issued fraudulently. Those certificates used 512-bit RSA keys, which does not comply with the CPS (Certification Practice Statement) and falls below the minimum key size accepted by CA standards. A 512-bit RSA modulus has been factorable with modest computing resources since the RSA-155 factorization in 1999, so anyone holding one of those certificates could recover its private key and sign as the subject.
In addition, the certificates issued by the subordinate CA had two further technical defects: they lacked the Extended Key Usage (EKU) extension that constrains what a certificate may be used for, and they had been issued without revocation information (no CRL distribution point or OCSP pointer), so a relying party had no way to discover that one of them had been revoked.
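All three defects can be checked mechanically by a relying party or by an auditor. The following is an added example, not code from the original post and not Entrust's or DigiCert's tooling: a standard-library Python audit that walks a DER-encoded certificate, reads the RSA modulus length from the SubjectPublicKeyInfo, and looks for the EKU and revocation-pointer extensions by OID. It builds its own synthetic, unsigned certificates with a placeholder modulus of the right bit length (constructed input, not real keys and not the revoked certificates); the OID constants are the standard X.509 values, and the CRL URL is an assumed placeholder.

```python
"""Audit a DER-encoded X.509 certificate for the three defects cited in the
DigiCert Sdn Bhd case: RSA modulus below a minimum size, no Extended Key Usage
extension, and no revocation information (no CRL Distribution Points and no
Authority Information Access).  Standard library only; make_cert() builds the
synthetic certificates it audits (constructed input, not real certificates)."""

OID_RSA = "1.2.840.113549.1.1.1"          # rsaEncryption
OID_SHA256_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption
OID_EKU = "2.5.29.37"                     # extKeyUsage
OID_CRL_DP = "2.5.29.31"                  # cRLDistributionPoints
OID_AIA = "1.3.6.1.5.5.7.1.1"             # authorityInfoAccess
OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"     # id-kp-serverAuth

# Minimal DER encoder: builds the test certificates and lets the auditor
# compare OIDs by their encoded bytes instead of decoding them.
def _length(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

def integer(n):
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:                       # DER INTEGER is signed; keep it positive
        b = b"\x00" + b
    return tlv(0x02, b)

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def make_cert(modulus_bits, with_eku, with_crl_dp):
    """Synthetic, unsigned certificate (constructed test input).  The modulus is a
    placeholder of the requested bit length, not a real RSA key."""
    null = tlv(0x05, b"")
    modulus = (1 << (modulus_bits - 1)) | 1
    spki = seq(seq(oid(OID_RSA), null),
               tlv(0x03, b"\x00" + seq(integer(modulus), integer(65537))))
    exts = []
    if with_eku:
        exts.append(seq(oid(OID_EKU), tlv(0x04, seq(oid(OID_SERVER_AUTH)))))
    if with_crl_dp:
        uri = tlv(0x86, b"http://crl.example.invalid/ca.crl")   # GeneralName [6] URI (placeholder)
        exts.append(seq(oid(OID_CRL_DP), tlv(0x04, seq(seq(tlv(0xA0, tlv(0xA0, uri)))))))
    name = seq()                          # empty Name; enough for structure walking
    validity = seq(tlv(0x17, b"111101000000Z"), tlv(0x17, b"121101000000Z"))
    tbs = seq(tlv(0xA0, integer(2)), integer(1), seq(oid(OID_SHA256_RSA), null),
              name, validity, name, spki, *([tlv(0xA3, seq(*exts))] if exts else []))
    return seq(tbs, seq(oid(OID_SHA256_RSA), null), tlv(0x03, bytes(65)))

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def audit_certificate(der, min_rsa_bits=2048):
    """Return the list of findings; an empty list means all three checks passed."""
    findings = []
    _, cert, _ = read_tlv(der)
    fields = children(children(cert)[0][1])          # TBSCertificate fields
    if fields[0][0] == 0xA0:                          # optional [0] EXPLICIT version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    (_, alg), (_, pubkey) = children(fields[5][1])
    if tlv(*children(alg)[0]) == oid(OID_RSA):
        rsa_key = children(pubkey[1:])[0][1]          # skip the unused-bits byte
        bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
        if bits < min_rsa_bits:
            findings.append(f"RSA modulus is {bits} bits (minimum {min_rsa_bits})")
    present = set()
    for tag, value in fields:
        if tag == 0xA3:                               # [3] EXPLICIT Extensions
            for _, ext in children(children(value)[0][1]):
                present.add(tlv(*children(ext)[0]))   # extnID as encoded bytes
    if oid(OID_EKU) not in present:
        findings.append("no Extended Key Usage extension")
    if oid(OID_CRL_DP) not in present and oid(OID_AIA) not in present:
        findings.append("no revocation information (CRL Distribution Points or AIA)")
    return findings

if __name__ == "__main__":
    print(audit_certificate(make_cert(512, False, False)))   # all three findings
```

To audit a real certificate, pass its DER bytes instead of `make_cert(...)` (for a PEM file, strip the header and footer lines and base64-decode the body). The 2048-bit floor reflects current practice; `min_rsa_bits` is a parameter so the same check can be run against the key-size minimum an older CPS actually stated.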
The CA business has become much stricter since the lessons learned from the DigiNotar breach and its bankruptcy. Because a non-compliant subordinate puts the trust in Entrust's own roots at risk, Entrust decided to revoke the DigiCert Sdn Bhd intermediate certificate.
According to the latest update from Naked Security, two of the weak certificates were used to sign malware in a spear-phishing attack against another Asian certificate authority. That CA raised the issue after noticing the attack. Three other certificate authorities were also attacked, but the certificates used against them were not issued by DigiCert Sdn Bhd.
This shows how important it is to audit a CA against its IT security policies. Although DigiCert Sdn Bhd had passed an audit by a large global auditing firm for the Malaysian government, it was still not compliant in practice: a passed audit is not the same as verified compliance.