← Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) cases
Bugzilla #1546253
Certificate Misissuance
GDCA: Authentication of Organization Identity Failure for an OV Certificate
RESOLVED
FIXED
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))
AI Summary
Global Digital Cybersecurity Authority (GDCA) identified a mis-issued OV certificate during a routine internal audit on April 19, 2019. The certificate, issued on March 28, 2019, contained an error in the organization field due to operator oversight. GDCA promptly revoked the certificate and implemented measures to prevent similar issues, including updating their Sensitive Data List and retraining their validation team. The incident has been resolved, and GDCA has committed to ongoing internal audits to ensure compliance.
Chronology
- Certificate mis-issued
- GDCA identified the mis-issued certificate
- GDCA revoked the affected certificate
- GDCA notified WebTrust auditor
Participants
capoc@gdca.com.cn
wthayer@fastly.com
External References
Similar Local Cases
GDCA: Incorrect Value in organizationName Field
GDCA: Issuance of SSL/TLS certificates with Non-critical Basic Constraints
Telia: Misissued certificate - Invalid wildcard format
GlobalSign: 4 Misissued certificates with invalid CN
Telia: invalid IP value in SAN DNS field
Telia: Misissued certificate - Invalid OU value "-"
Camerfirma: Non-BR-Compliant Issuance - DNSName is empty
GlobalSign: AT&T SSL certificates without the AIA extension