← Asseco Data Systems S.A. cases
Bugzilla #1409764 Certificate Misissuance

Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag

RESOLVED FIXED Asseco Data Systems S.A.
AI Summary

This case involves a mis-issuance of a certificate by Certum due to incorrect handling of CAA records. The user reported that a critical flag was set on an unknown CAA tag, which should have prevented the issuance. Certum acknowledged the mis-issuance but did not confirm the root cause initially. The issue was resolved with a patch ready for implementation shortly after the report.

Model: gpt-4o-mini Generated: 2026-06-13 17:36 UTC Confidence: 1.00
Chronology
  1. User reported mis-issuance to Certum.
  2. Discussion on the verification process and patch readiness.
  3. Confirmation that the problem is resolved.
Participants
Quirin Scheitle Arkadiusz Ławniczak
External References
Original Bugzilla Case crt.sh dnsviz.net github.com
Similar Local Cases
#1420860 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 69% similar
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1435770 RESOLVED Certificate Misissuance Opened 2018-02-05 · Closed 2023-02-22 · 59% similar
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
AI Summary CA Owner
#1451228 RESOLVED Certificate Misissuance Opened 2018-04-04 · Closed 2023-02-22 · 56% similar
Asseco DS / Certum: EV certificate mis-issue
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 50% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1420766 RESOLVED Certificate Misissuance Opened 2017-11-26 · Closed 2024-05-09 · 48% similar
Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1409760 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2022-11-14 · 48% similar
StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1420871 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 47% similar
Camerfirma: Potential Mis-Issuance based on CAA records
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action