← Asseco Data Systems S.A. cases
Bugzilla #1420860 Certificate Misissuance

Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN

RESOLVED FIXED Asseco Data Systems S.A.
AI Summary

The case involves a misissuance of a certificate by Certum for a domain with mixed wildcard and non-wildcard DNS names. The issue arose from a misunderstanding of CAA record validation, leading to the issuance of a certificate without proper checks. Certum acknowledged the misinterpretation of RFC 6844, which contributed to the error. Ultimately, the case was resolved with Certum asserting that the certificate was issued correctly based on the validation conducted on the date of issuance, despite the confusion regarding CAA records.

Model: gpt-4o-mini Generated: 2026-06-13 17:40 UTC Confidence: 0.90
Chronology
  1. Bug reported regarding CAA misissuance.
  2. Certum acknowledges improper processing of CAA records.
  3. Case resolved as FIXED despite Certum's assertion of no misissuance.
Participants
Quirin Scheitle Arkadiusz Ławniczak Gervase Markham W. Thayer
External References
Original Bugzilla Case crt.sh wiki.mozilla.org
Similar Local Cases
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 70% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1409764 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 69% similar
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag
AI Summary CA Owner
#1451228 RESOLVED Certificate Misissuance Opened 2018-04-04 · Closed 2023-02-22 · 66% similar
Asseco DS / Certum: EV certificate mis-issue
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 65% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1435770 RESOLVED Certificate Misissuance Opened 2018-02-05 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
AI Summary CA Owner
#1420766 RESOLVED Certificate Misissuance Opened 2017-11-26 · Closed 2024-05-09 · 60% similar
Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1420871 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 58% similar
Camerfirma: Potential Mis-Issuance based on CAA records
AI Summary CA Owner
#1600301 RESOLVED Certificate Misissuance Opened 2019-11-29 · Closed 2023-02-22 · 57% similar
Asseco DS / Certum: EV Certificates issued with wrong Business Category
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action