← SECOM Trust Systems CO., LTD. cases
Bugzilla #1452671
Certificate Misissuance
SECOM: TSA Certs Issued from Root
RESOLVED
FIXED
SECOM Trust Systems CO., LTD.
AI Summary
SECOM Trust Systems issued timestamping certificates from a root certificate, violating CA/Browser Forum guidelines. The issue was identified on April 10, 2018, and SECOM acknowledged the misissuance, stating they would investigate and implement countermeasures. They planned to transition to a new root CA to prevent future occurrences. Despite the misissuance, SECOM explained that revoking the certificates was complicated due to legal requirements in Japan. The case was resolved with SECOM's commitment to compliance.
Chronology
- Bug created regarding TSA certs issued from root.
- SECOM acknowledged the issue and began investigation.
- SECOM started issuing TSA certificates from a new intermediate CA.
- Bug closed after confirming no further actions were required.
Participants
Wayne Thayer
Hisashi Kamo
External References
Similar Local Cases
SECOM: Failure to disclose Unconstrained Intermediate within 7 Days
SECOM: CrossTrust: OU > 64 characters
SECOM: Undisclosed intermediate certificates
SECOM: "Default City" in Subject:localityName
SECOM: Mis-issued EV Certificates
SECOM: Unqualified domain name in SAN
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ)
SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ)