← SwissSign AG cases
Bugzilla #1443731
Certificate Misissuance
SwissSign: Cert issued with a to long validity period
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported the issuance of an SSL certificate with an excessively long validity period. The issue was detected through post-issuance linting, prompting an investigation and subsequent revocation of the certificate. SwissSign identified the cause as incorrect use of a rarely utilized reissue option and has since prohibited its use until a fix is implemented. The pre-issuance linting system was established and activated in September 2018 to prevent future occurrences.
Chronology
- Certificate issued
- Investigation started and customer contacted for certificate replacement
- Certificate revoked
- Incident report posted to relevant forum
- Pre-issuance linting system activated
Participants
Reinhard Dietrich
Juerg Eiholzer
Alex Gaynor
Wayne Thayer
External References
Similar Local Cases
SwissSign: Cert issued with a to long validity period
SwissSign: Invalid DNSName in SAN
SwissSign: Undisclosed Intermediate Certificates
SwissSign: Domain validated certificate but with stateOrProvinceName
SwissSign: "Some-State" in stateOrProvinceName
SwissSign: Two certs issued with same issuer and serial number
SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation
SwissSign: modified fields were not saved into certificates and resulted in miss-issuance