← Telia Company cases
Bugzilla #1528261
Certificate Misissuance
Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld)
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company identified a misissued certificate during a mass lint scan of its SSL certificates, revealing nine invalid certificates across various error categories. The specific issue in this case was a certificate with a Fully Qualified Domain Name (FQDN) that lacked a domain part, which was created in 2017. Telia took immediate action by revoking the certificate within the required timeframe, and has since implemented measures to prevent similar issues in the future. The root cause was traced to a bug in their error handling process, which has since been addressed.
Chronology
- Discovery of invalid certificates during mass lint scan.
- Revocation of the misissued certificate.
Participants
pekka.lahtiharju@teliasonera.com
External References
Similar Local Cases
Telia: Misissued certificate - Invalid OU value "-"
Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field
Telia: Misissued certificate - Invalid wildcard format
Telia: invalid IP value in SAN DNS field
Telia: Ambiguity on KeyUsage with ECC public key
Telia: Misissued certificate - wrong OrganizationName value "Hair 8 Brains"
Telia: Non-BR-Compliant OCSP Responder
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP