← GlobalSign nv-sa cases
Bugzilla #1420766 Certificate Misissuance

Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN

RESOLVED INVALID GlobalSign nv-sa
AI Summary

This case involves a mis-issuance by GlobalSign for a certificate that included both wildcard and non-wildcard DNS names in the Subject Alternative Name (SAN). The issue arose when GlobalSign validated the CAA record for the wildcard SAN but did not perform a subsequent check for the base domain. As a result, the base domain was incorrectly added, leading to the mis-issuance. The case was ultimately resolved as INVALID after discussions highlighted discrepancies in CAA logs and DNS history.

Model: gpt-4o-mini Generated: 2026-06-13 17:40 UTC Confidence: 1.00
Chronology
  1. Initial bug filed regarding CAA mis-issuance.
  2. Bug resolved as INVALID.
Participants
Quirin Scheitle Linus Hallberg Gervase Markham Douglas Beattie
External References
Original Bugzilla Case groups.google.com groups.google.com misissued.com
Similar Local Cases
#1420860 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 55% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 55% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1420871 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 54% similar
Camerfirma: Potential Mis-Issuance based on CAA records
AI Summary CA Owner
#1782391 RESOLVED Certificate Misissuance Opened 2022-07-31 · Closed 2023-02-22 · 51% similar
GlobalSign: EV certificate with wildcard domain in common name and SAN
AI Summary CA Owner
#1409760 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2022-11-14 · 51% similar
StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1836443 RESOLVED Certificate Misissuance Opened 2023-06-02 · Closed 2024-06-30 · 49% similar
GlobalSign: Issuance of test certificate (pre-certificate) for EV SSL/QWAC with no EKU extension
AI Summary CA Owner
#1552586 RESOLVED Certificate Misissuance Opened 2019-05-17 · Closed 2023-02-22 · 49% similar
GlobalSign: 4 Misissued certificates with invalid CN
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action