Bugzilla #1528263
Certificate Misissuance
Telia: Misissued certificate - Invalid wildcard format
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company identified a misissued certificate with an invalid wildcard format during a mass lint scan of its SSL certificates. The scan, conducted on February 8, 2019, revealed nine invalid certificates across various error categories, including one with an invalid wildcard format. Telia promptly revoked the problematic certificate and implemented a fix to their validation logic by February 18, 2019. The incident highlights the importance of regular lint checks and the need for continuous improvement in certificate issuance processes.
Chronology
- Discovery of invalid certificates during mass lint scan
- Preliminary analysis by Telia Security Board
- Quick analysis confirmed the error could be reproduced
- Fix implemented in production system
Participants
pekka.lahtiharju@teliasonera.com
wthayer@fastly.com
ryan.sleevi@gmail.com
bugzilla@tds.xyz
bug-husbandry-bot@mozilla.bugs
Similar Local Cases
Telia: Misissued certificate - Invalid OU value "-"
Telia: Ambiguity on KeyUsage with ECC public key
Telia: misissued certificate - FQDN value incorrectly in SAN rfc822 field
Telia: invalid IP value in SAN DNS field
Telia: Misissued certificate - FQDN without domain part (e_dnsname_not_valid_tld)
Telia: Misissued certificate - wrong OrganizationName value "Hair 8 Brains"
GlobalSign: 4 Misissued certificates with invalid CN
Telia: Non-BR-Compliant OCSP Responder