← Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) cases
Bugzilla #1467414
Certificate Misissuance
GDCA: Misissuance of certificates with small RSA keys
RESOLVED
FIXED
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))
AI Summary
Global Digital Cybersecurity Authority Co., Ltd. (GDCA) misissued seven certificates with RSA-1024 keys, which violate the Baseline Requirements. The issue was reported by Rob Stradling on June 7, 2018, prompting GDCA to suspend the issuance of DV SSL certificates and investigate. They confirmed the misissuance and revoked the affected certificates the same day. GDCA implemented changes to their issuance system to prevent future occurrences, including integrating pre-issuance linting tools and enhancing their change management processes. The DV SSL certificate issuance service was resumed on June 27, 2018, with new checks in place.
Chronology
- Rob Stradling reported misissued certificates to GDCA.
- GDCA suspended issuance of DV SSL certificates.
- GDCA confirmed misissuance and revoked affected certificates.
- GDCA resumed DV SSL certificate issuance with new checks.
Participants
Rob Stradling
Xiu Lei
External References
Similar Local Cases
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31
GDCA: Misissuance of certificates with IP address
DigiCert: SHA-1 intermediate issued after 2016-01-01
Chunghwa Telecom: Wrong Extended Key Usage setting by GTLSCA
TrustAsia: SSL DV Mis-issuance against CP/CPS (IPAddress)
SwissSign: S/MIME certificates deviate from CPR
Microsoft PKI Services: End Entity Certificate Mis-issuance against CPS (BasicConstraints)
DigiCert: Verizon mis-issued test certificates