KIR S.A.: Certificates issued with multiple BR violations
Krajowa Izba Rozliczeniowa S.A. (KIR) issued certificates from the SZAFIR ROOT CA2 that violated the Baseline Requirements (BR) in several ways. The issues included invalid postal addresses, incorrect Subject Alternative Names (SANs), and subjects with an organization name but no state or locality field. KIR prepared and shared an incident report with a timeline of the actions taken to address the violations, including contacting certificate owners and issuing new compliant certificates. The CA has since implemented measures to prevent future misissuance, including post-issuance linting and a review of certificate policy templates.
- Initial report of BR violations by CABLint, X509Lint, and ZLint.
- KIR began preparing an incident report.
- KIR disclosed the incident report detailing the violations and remediation steps.
- Post-issuance linting procedure officially implemented.
- Configuration issue identified and resolved.
- All questions answered and remediation deemed complete.
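
The check below is an added example, not KIR's tooling or code from the incident report: it sketches one post-issuance lint for the "organization name without state or locality" class of finding, run over subject strings. The rule set (an organization requires a country and a state or locality; address fields are not allowed without an organization) and the OpenSSL-style attribute short names are assumptions of this sketch, and the sample subjects are constructed.

```python
import re

# Assumed rule set: BR subject rules for the fields named in the summary above.
# Attribute short names follow OpenSSL's RFC 2253 style output (assumption).
ADDRESS_ATTRS = ("L", "ST", "street", "postalCode")

def parse_subject(dn):
    """Parse an RFC 4514 style subject string into {attr: [values]}."""
    attrs = {}
    # Split on commas that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\),", dn):
        if not rdn.strip():
            continue
        key, _, value = rdn.strip().partition("=")
        # Undo backslash escaping inside the value.
        attrs.setdefault(key, []).append(re.sub(r"\\(.)", r"\1", value))
    return attrs

def lint_subject(dn):
    """Return a sorted list of findings; an empty list means no finding."""
    subject = parse_subject(dn)

    def has(attr):
        # A blank value is treated the same as a missing attribute.
        return any(v.strip() for v in subject.get(attr, []))

    findings = []
    if has("O"):
        if not has("L") and not has("ST"):
            findings.append("O present but neither ST nor L")
        if not has("C"):
            findings.append("O present but C missing")
    else:
        findings += [f"{a} present without O" for a in ADDRESS_ATTRS if a in subject]
    return sorted(findings)

# Constructed sample subjects, not taken from the incident.
SAMPLES = [
    "CN=www.example.pl,O=Example Sp. z o.o.,C=PL",
    "CN=www.example.pl,O=Example\\, Inc.,L=Warszawa,C=PL",
    "CN=www.example.pl,postalCode=00-001,C=PL",
]

def lint_batch(subjects):
    """Map each subject that has findings to its findings list."""
    return {dn: f for dn in subjects if (f := lint_subject(dn))}

if __name__ == "__main__":
    for dn, findings in lint_batch(SAMPLES).items():
        print(dn, "->", "; ".join(findings))
```

Run after issuance against every certificate in a batch, a non-empty result is the signal to open a review before the certificate is reported by an external linter.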