Yesterday, Upstream provider CERTUM notified us of an urgent issue with an intermediate certificate [Root CA - G3].
We are writing to inform you that if your certificate was issued by [Root CA - G3] certificate Requires replacement. The serial numbers for these certificates were generated with insufficient entropy, which violates the CA/Browser Forum Baseline (CABF BR). Specifically, CABF BR requires that "CAs SHALL generate Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG."