Bugzilla #1463975
Certificate Misissuance
GRCA: Misissued certificates: Invalid commonName, commonName not in SAN
RESOLVED
FIXED
Government of Taiwan, Government Root Certification Authority (GRCA)
AI Summary
The Government Root Certification Authority (GRCA) misissued 88 certificates with an invalid commonName format, concatenating multiple Subject Alternative Names (SANs) into the commonName field. The issue was identified on May 7, 2018, and the service was halted shortly thereafter. GRCA committed to revoke the affected certificates by February 28, 2019, but the revocation was completed on March 4, 2019, due to holiday delays. An incident report was filed detailing the misissuance and the steps taken to prevent future occurrences.
Chronology
- Issue identified and multi-domain certificate service stopped.
- Issue fixed.
- Incident report created.
- Scheduled revocation date for affected certificates.
- All affected certificates revoked.
Participants
Ryan Sleevi
Wayne Thayer
National Development Council
Similar Local Cases
GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions
NetLock: CN not in SAN
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
Camerfirma: failure to revoke underscores
Hongkong Post / Certizen: Failure to report misissuance
SECOM: "Default City" in Subject:localityName
Chunghwa Telecom: Test certificate with unregistered domain name
DigiCert: "Some-State" in stateOrProvinceName