← SSL.com cases
Bugzilla #1534145
Certificate Misissuance
SSL.com: P-384 curve / ecdsa-with-SHA256 certificates
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com identified that it had issued a limited number of ECDSA certificates using a curve-hash pair that was not compliant with the Mozilla Root Store Policy. The issue was discovered during a manual review on February 25, 2019, leading to an immediate suspension of ECDSA certificate issuance. SSL.com took corrective actions, including revoking misissued certificates and implementing new compliance measures. All remediation efforts were completed by April 2019, and SSL.com resumed issuing compliant certificates.
Chronology
- Version 2.4 of the Mozilla Root Store Policy published.
- Manual review identified compliance issue with curve-hash pair.
- Issuance of all ECDSA certificates suspended.
- All misissued certificates revoked and issuance resumed.
- All remediation completed.
Participants
Wayne Thayer
Fotis Loukos
External References
Similar Local Cases
SSL.com: Issuance of TLS certificates with domain validation methods prohibited by SC-45
SSL.com: Wildcard DV certificate issued with a non-validated domain name
Camerfirma: Missing audit for Intermediate certificate
SSL.com: S/MIME certificates issued prior to validation
SwissSign: Undisclosed Intermediate Certificates
KIR S.A.: Certificates issued with multiple BR violations
KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days
Izenpe: OU > 64 characters