← Asseco Data Systems S.A. cases
Bugzilla #1435770 Certificate Misissuance

Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys

RESOLVED FIXED Asseco Data Systems S.A.
AI Summary

The case involves Certum, a CA owned by Asseco Data Systems S.A., which issued two certificates containing Debian weak keys. These certificates were not revoked within the required 24-hour period after being reported, leading to a compliance issue. Certum acknowledged the problem, revoked the certificates, and conducted a thorough investigation, confirming no additional affected certificates were found. They have since implemented changes to their validation processes to prevent similar issues in the future.

Model: gpt-4o-mini Generated: 2026-06-13 17:43 UTC Confidence: 0.90
Chronology
  1. Hanno Bock reported weak keys to Certum.
  2. Certum confirmed the need to revoke the certificates.
  3. Certum revoked the certificates.
  4. Certum deployed a new validation system.
  5. Certum submitted an incident report.
  6. Case marked as resolved.
Participants
Wayne Thayer Arkadiusz Ławniczak Hanno Bock
External References
Original Bugzilla Case crt.sh crt.sh wiki.mozilla.org
Similar Local Cases
#1611458 RESOLVED Certificate Misissuance Opened 2020-01-24 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: Invalid value in SAN dNSName
AI Summary CA Owner
#1420860 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1409764 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 59% similar
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag
AI Summary CA Owner
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 59% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1451228 RESOLVED Certificate Misissuance Opened 2018-04-04 · Closed 2023-02-22 · 58% similar
Asseco DS / Certum: EV certificate mis-issue
AI Summary CA Owner
#1879845 RESOLVED Certificate Misissuance Opened 2024-02-12 · Closed 2024-10-02 · 54% similar
Asseco DS / Certum: S/MIME certificates with error in subjectAlternativeName
AI Summary CA Owner
#1600301 RESOLVED Certificate Misissuance Opened 2019-11-29 · Closed 2023-02-22 · 54% similar
Asseco DS / Certum: EV Certificates issued with wrong Business Category
AI Summary CA Owner
#1871393 RESOLVED Certificate Misissuance Opened 2023-12-21 · Closed 2024-05-09 · 53% similar
Asseco DS / Certum: Delayed revocation of EV certificates
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action