← Microsec Ltd. cases
Bugzilla #1391055
Certificate Misissuance
Microsec: Non-BR-Compliant Certificate Issuance
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. faced issues with non-compliant certificate issuance, specifically regarding invalid dnsNames and the Common Name not being included in the Subject Alternative Name (SAN). The CA was required to provide detailed remediation steps and confirm that such certificates would no longer be issued. They acknowledged the problems and committed to implementing additional checks in their CA software to prevent future occurrences. The case was resolved with the CA agreeing to replace all non-compliant certificates by the end of November 2017.
Chronology
- Bug reported regarding non-compliance
- Microsec responds to the issues raised
- Microsec checks all valid SSL certificates
- Agreement reached on replacement timeline for non-compliant certificates
- All misissued certificates revoked
Participants
Kathleen Wilson
Dr. Sándor Szőke
Ryan Sleevi
Gervase Markham
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Disig: Non-BR-Compliant Certificate Issuance
NetLock: Non-BR-Compliant Certificate Issuance
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
Amazon Trust Services: CAA Misissuances
DigiCert / Swiss Government: CommonName not in SANs
Microsec: Validity period greater than 825 days
Actalis: Certs issued with same issuer and serial number
SwissSign: Two certs issued with same issuer and serial number