← Asseco Data Systems S.A. cases
Bugzilla #1524195
Certificate Problem Report
Asseco DS / Certum: Invalid dnsNames
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. faced an issue with 37 SSL certificates that contained invalid dNSNames in their Subject Alternative Names (SAN), specifically including IP addresses. The problem was identified on January 30, 2019, following a report from Jonathan Rudenberg. Although the CA had ceased issuing such certificates since June 2017, they initially decided not to revoke the problematic certificates. However, after customer feedback and considering the potential impact, they opted to revoke all affected certificates by February 15, 2019. The CA has since committed to ensuring compliance with best practices to prevent similar issues in the future.
Chronology
- Stopped issuing certificates with IP address in SAN dNSName.
- Received report of invalid dNSNames from Jonathan Rudenberg.
- All affected certificates were revoked.
Participants
Wojciech Trapczyński
Jonathan Rudenberg
W. Thayer
External References
Similar Local Cases
Asseco DS / Certum: IP in dnsName
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
Asseco DS / Certum: Failure to revoke within 5 days
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours.
Asseco DS / Certum: Intermediate CA certificates not listed in audit report
Asseco DS / Certum: commonName not from subjectAltName entries
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment)
GlobalSign: IP in dnsName