← Sectigo cases
Bugzilla #1524730
Certificate Problem Report
Sectigo: invalid dnsName
RESOLVED
FIXED
Sectigo
AI Summary
A certificate issued by a Sectigo sub-CA contained an invalid dnsName (`DNS=advisors.intel.com`). The issue was reported on January 25, 2019, and the certificate was revoked the same day. Sectigo acknowledged the problem, stating that human error at the sub-CA led to the incorrect value being included in the certificate. They have since ceased issuing certificates with this issue and have implemented automated lint checking to prevent future occurrences. All currently valid certificates from the affected sub-CA were checked and found to be compliant.
Chronology
- Problem reported via email
- Certificate revoked
- Incident report provided by Sectigo
- Remediation confirmed complete
Participants
Jonathan Rudenberg
Robin Alden
W. Thayer
Ryan Sleevi
External References
Similar Local Cases
Sectigo: EV SSL Certificates with incorrect businessCategory
Sectigo: invalid subject:organizationalUnitName on DV certificates
Sectigo: Failure to provide a preliminary report within 24 hours.
Sectigo: "Default City" in Subject:localityName
Sectigo: "Some-State" in stateOrProvinceName
Sectigo: Failure to revoke key-compromised certificates
Sectigo: EV SSL Certificates with incorrect subject details.
GlobalSign: IP in dnsName