← SwissSign AG cases
Bugzilla #1428877
Certificate Misissuance
SwissSign: Invalid DNSName in SAN
RESOLVED
FIXED
SwissSign AG
AI Summary
The case concerns SwissSign AG's issuance of certificates containing an invalid Subject Alternative Name (SAN). The issue was identified through an automated checker, leading to the revocation of three affected certificates. SwissSign has since implemented a fix to their validation process, ensuring that future certificates comply with domain name standards. The resolution involved enhancing their regular expression checks and conducting a thorough linting of their certificate database, which confirmed no further issues.
Chronology
- SwissSign identified the issue through their cablint checker.
- SwissSign provided a detailed incident report.
- SwissSign implemented a software fix to address the validation issue.
- SwissSign confirmed completion of linting their entire certificate database.
- The additional code fix was implemented and the case was resolved.
Participants
Wayne Thayer
Reinhard Dietrich
Mike Guenther
Ryan Sleevi
External References
Similar Local Cases
SwissSign: Misissuance with mispellings in Location for a number of Certificates
SwissSign: Cert issued with a to long validity period
SwissSign: "Some-State" in stateOrProvinceName
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier
SwissSign: Cert issued with a to long validity period
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: wrong address in EV certificate
SwissSign: Certificate with key length 4098 bit