Camerfirma: MULTICERT organizationName Too Long

The case involves MULTICERT issuing certificates with an invalid organizationName that exceeded the allowed length, violating ASN.1 size constraints. The issue was detected on August 3, 2018, leading to the revocation of five misissued certificates. MULTICERT implemented operational controls to prevent future occurrences, including monitoring for misissued certificates and deploying a linting tool. However, there were initial delays in deploying these controls, which raised concerns about the effectiveness of their oversight processes. All remediation actions have since been completed.

1. 2018-08-03 MULTICERT detected misissued certificates and initiated revocation.
2. 2018-08-14 Technical controls were deployed to limit organizationName length.
3. 2019-02-14 Camerfirma deployed a post-issuance linting tool.
4. 2019-03-22 Pre-issuance linting was implemented.