← Apple Inc. cases
Bugzilla #1777757 Certificate Misissuance

Apple: EV TLS pre-certificates issued without EKU extension

RESOLVED FIXED Apple Inc.
AI Summary

On July 1, 2022, Apple Public CA issued two EV TLS pre-certificates without an Extended Key Usage (EKU) extension, violating Baseline Requirements. The certificates were revoked shortly after issuance, and Apple identified a bug in their deployment process that led to this misconfiguration. A series of corrective actions were taken, including the implementation of a fix from their software vendor. The issue has since been resolved, and the CA continues to monitor for any further questions.

Model: gpt-4o-mini Generated: 2026-06-13 15:13 UTC Confidence: 0.90
Chronology
  1. Two EV TLS pre-certificates issued without EKU extension.
  2. Certificates revoked after identification of the issue.
  3. Production environment upgraded to include the fix for the bug.
Participants
Apple CA Mozilla
External References
Original Bugzilla Case crt.sh crt.sh www.mozilla.org doc.primekey.com doc.primekey.com
Similar Local Cases
#1313873 RESOLVED Certificate Misissuance Opened 2016-10-29 · Closed 2022-11-14 · 42% similar
SHA-1 issuance by DocuSign root
AI Summary CA Owner
#1048045 RESOLVED Certificate Misissuance Opened 2014-08-03 · Closed 2022-11-14 · 42% similar
GlobalSign Partner: No SAN
AI Summary CA Owner
#1401407 RESOLVED Certificate Misissuance Opened 2017-09-19 · Closed 2023-02-22 · 42% similar
DigiCert: Mis-Issuance Rekey certificates
AI Summary CA Owner
#1443857 RESOLVED Certificate Misissuance Opened 2018-03-07 · Closed 2023-02-22 · 41% similar
Camerfirma: Non-BR-Compliant Issuance - DNSName is empty
AI Summary CA Owner
#1319609 RESOLVED Certificate Misissuance Opened 2016-11-23 · Closed 2023-02-22 · 41% similar
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist
AI Summary CA Owner
#1853463 RESOLVED Certificate Misissuance Opened 2023-09-15 · Closed 2023-10-12 · 41% similar
DigiCert: SMIME certificates issued inconsistent with BR’s
AI Summary CA Owner
#1397969 RESOLVED Certificate Misissuance Opened 2017-09-08 · Closed 2023-02-22 · 41% similar
DigiCert / Inteso San Paulo: Double dot characters
AI Summary CA Owner
#1397958 RESOLVED Certificate Misissuance Opened 2017-09-07 · Closed 2023-02-22 · 41% similar
DigiCert / Terena: Metadata in OU fields
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action