Bugzilla #1462844
Certificate Misissuance
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy misissued certificates whose DER encoding did not comply with RFC 5280: values encoded as PrintableString contained invalid characters. The CA was alerted to the problem through a Bugzilla report and revoked the affected certificates within 24 hours. An incident report was requested to document the misissuance and the steps taken to rectify the situation. GoDaddy has since implemented additional linting tools to prevent similar issues in the future.
Chronology
- CA first became aware of malformed certificates via Bugzilla report.
- Certificates were revoked within 24 hours after identification.
- GoDaddy provided updates on revocation actions.
- GoDaddy confirmed scanning of all certificates with multiple linting tools.
- Case was resolved following discussions on process improvements.
Participants
Ryan Sleevi
Daymion Reynolds
Johan Cristau
Wayne Thayer
Similar Local Cases
GoDaddy: Random Value Vulnerability in Domain Validation Method
E-Tugra: Invalid DER results in failure to comply with RFC 5280 - Violating string length limit
GRCA: Misissued certificates: Invalid commonName, commonName not in SAN
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing
Entrust: Question marks in certificate O and L fields
Camerfirma: failure to revoke underscores
Hongkong Post / Certizen: Failure to report misissuance
DigiCert: "Some-State" in stateOrProvinceName