← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1535871 Certificate Problem Report

PKIoverheid: KPN Insufficient Serial Number Entropy

RESOLVED FIXED Government of The Netherlands, PKIoverheid (Logius)
AI Summary

The PKIoverheid CA identified a significant issue regarding insufficient entropy in the serial numbers of TLS certificates issued by KPN between September 30, 2016, and March 5, 2019. This problem was first noted during discussions in the Mozilla security policy community. Affected certificates were found to potentially include around 22,000 TLS certificates. The CA has since implemented a remediation plan, including the revocation of non-compliant certificates and the transition to using longer serial numbers. As of the latest updates, all affected certificates have been revoked, and measures have been put in place to prevent similar issues in the future.

Model: gpt-4o-mini Generated: 2026-06-13 18:08 UTC Confidence: 1.00
Chronology
  1. KPN begins investigation into serial number entropy issue.
  2. Logius PKIoverheid orders KPN to investigate and revoke affected certificates.
  3. All certificates in scope of Mozilla Policy have been CT logged.
  4. All affected certificates have been revoked.
Participants
Wayne Thayer Jochem van den Berge Ryan Sleevi Jorik van't Hof
External References
Original Bugzilla Case
Similar Local Cases
#1573490 RESOLVED Certificate Problem Report Opened 2019-08-13 · Closed 2023-02-22 · 80% similar
PKIoverheid: CIBG insufficient serial number entropy
AI Summary CA Owner
#1398251 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 62% similar
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1533774 RESOLVED Certificate Problem Report Opened 2019-03-08 · Closed 2023-02-22 · 62% similar
GoDaddy: Insufficient serial number entropy
AI Summary CA Owner
#1576283 RESOLVED Certificate Problem Report Opened 2019-08-23 · Closed 2023-02-22 · 61% similar
QuoVadis: N/A in EV serialNumber field
AI Summary CA Owner
#1600158 RESOLVED Certificate Problem Report Opened 2019-11-28 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
AI Summary CA Owner
#1448986 RESOLVED Certificate Problem Report Opened 2018-03-26 · Closed 2023-02-22 · 60% similar
Entrust: IP Address in dNSName form
AI Summary CA Owner
#1532399 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 59% similar
TrustCor: Insufficient Serial Number Entropy
AI Summary CA Owner
#1532333 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 59% similar
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action