← DarkMatter LLC cases
Bugzilla #1530623
Certificate Misissuance
QuoVadis: IPaddress in DNSname SAN
RESOLVED
FIXED
DarkMatter LLC
AI Summary
A certificate was issued by QuoVadis with an IP address in the DNSname SAN field, which is a violation of certificate issuance policies. The issue was identified through post-issuance linting, and the certificate was revoked on February 26, 2019. A detailed report was prepared outlining the incident, including the steps taken to prevent future occurrences, such as implementing stricter pre-issuance linting processes. The remediation efforts were confirmed as complete by April 2019.
Chronology
- Certificate with IP address in DNSname SAN field issued and later revoked.
- Report detailing the incident and corrective actions was submitted.
- Pre-issuance linting implemented for QuoVadis trusted TLS policies.
Participants
Stephen Davidson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
QuoVadis: Certificate containing Debian weak key
QuoVadis: Multiple unreported misissuances in 2018
QuoVadis: improper countryName format
QuoVadis: Non-BR-Compliant issuance --improper characters in DNSName (BIT sub-CA)
QuoVadis: Non-BR-Compliant OCSP Responder
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
IdenTrust: Improper encoding of wildcard certificate
CCA India: Misissuance detected by PKIMetal