KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days

Krajowa Izba Rozliczeniowa S.A. (KIR) reported a misissuance incident involving a certificate that lacked an OCSP AIA and had a validity period exceeding 825 days. The issue was identified during a post-issuance linting procedure, leading to a series of corrective actions including the revocation of the problematic certificate and the implementation of a patch to prevent future occurrences. KIR has since updated its policies and procedures to enhance compliance and prevent similar issues.

1. 2019-01-14 Certificate without OCSP AIA issued.
2. 2019-01-15 Root cause investigation initiated.
3. 2019-01-21 Problematic certificate revoked.
4. 2019-06-13 Basic pre-linting patch deployed.