Bugzilla #1390991
Certificate Misissuance
Disig: Non-BR-Compliant Certificate Issuance
RESOLVED
FIXED
Disig, a.s.
AI Summary
Disig, a.s. issued certificates that did not comply with the Baseline Requirements (BR), specifically certificates containing invalid dnsNames. The CA was informed of the problems via a Bugzilla notification and was required to provide a detailed response covering the issues and its remediation steps. Disig confirmed that it had ceased issuing problematic certificates and outlined its corrective actions, including implementing a blacklist for invalid TLDs and enhancing its internal processes to prevent future occurrences. The case was resolved after Disig demonstrated compliance with the required actions.
Chronology
- Disig informed of non-compliance issues via Bugzilla.
- Disig confirmed cessation of issuing problematic certificates.
- Disig implemented a blacklist for invalid TLDs.
- Post-issuance controls deployed.
- Case marked as resolved.
Participants
Kathleen Wilson
Peter Miskovic
Jonathan Rudenberg
Ryan Sleevi
Gervase Markham
W. Thayer
Similar Local Cases
Microsec: Non-BR-Compliant Certificate Issuance
NetLock: Non-BR-Compliant Certificate Issuance
Amazon Trust Services: CAA Misissuances
Actalis: Certs issued with same issuer and serial number
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
Camerfirma: failure to revoke underscores
E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
SHA-1 issuance by DocuSign root