← DarkMatter LLC cases
Bugzilla #1430909
Certificate Misissuance
QuoVadis: Non-BR-Compliant issuance --improper characters in DNSName (BIT sub-CA)
RESOLVED
FIXED
DarkMatter LLC
AI Summary
The case involved a misissuance of a TLS/SSL certificate by QuoVadis, where a dNSName included invalid newline characters. The issue was reported by Alex Gaynor on December 21, 2017, leading to the certificate's revocation the following day. The misissuance was attributed to administrator error during manual input. QuoVadis and BIT have since implemented measures to prevent similar occurrences, including post-issuance scanning and plans to transition to a managed PKI service.
Chronology
- Problem report received from Alex Gaynor regarding invalid dNSName.
- Certificate revoked by BIT.
- BIT began using a managed PKI service from QuoVadis.
Participants
Wayne Thayer
Stephen Davidson
External References
Similar Local Cases
QuoVadis: Multiple unreported misissuances in 2018
QuoVadis: Certificate containing Debian weak key
QuoVadis: Non-BR-Compliant OCSP Responder
QuoVadis: improper countryName format
QuoVadis: IPaddress in DNSname SAN
IdenTrust: Improper encoding of wildcard certificate
KIR S.A.: Certificates issued with multiple BR violations
SwissSign: Cert issued with a to long validity period