← MULTICERT cases
Bugzilla #1509002
Certificate Problem Report
Camerfirma: MULTICERT certificates with a validity period greater than 825 days
RESOLVED
FIXED
MULTICERT
AI Summary
Camerfirma reported that its subCA, MULTICERT, was issuing certificates with a validity period exceeding the 825-day limit. The issue was identified by their Quality Team, leading to immediate corrective actions including stopping the issuance of new certificates until the problem was resolved. The root cause was traced to a bug in the code that incorrectly set the notAfter date based on the original validity period rather than the correct date. MULTICERT implemented fixes and revoked the affected certificates, ensuring compliance with industry standards.
Chronology
- First misissued certificate detected
- Camerfirma notifies MULTICERT of the issue
- MULTICERT completes revocation of affected certificates
- Revocation of a subsequent misissued certificate
- Pre-issuance linting implemented
Participants
Eusebio Herrera
Wayne Thayer
Ryan Sleevi
External References
Similar Local Cases
Camerfirma: MULTICERT certificates with a validity period greater than 825 days
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Entrust: IP Address in dNSName form
Amazon Trust Services: Test revoked certificates with invalid validity period
DigiCert: CAA Checking Issue
DigiCert: Issuance of Cert with Compromised Key
DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension