Bugzilla #1547691
Certificate Misissuance
GlobalSign: AT&T SSL certificates without the AIA extension
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign reported that AT&T issued SSL certificates lacking the required AIA extension due to a misconfiguration during an EJBCA upgrade. The issue was identified on April 16, 2019, and affected approximately 20,000 certificates. AT&T has since worked on replacing and revoking the misissued certificates, with most replacements completed by early May. The incident raised concerns about AT&T's capability to operate a publicly-trusted CA, leading to commitments for future compliance and operational improvements.
Chronology
- Misissued certificates identified
- Incident report details shared
- AT&T revoked their 2 CAs
- GlobalSign revoked the CAs issued to AT&T
Participants
douglas.beattie@gmail.com
wthayer@fastly.com
ryan.sleevi@gmail.com
Similar Local Cases
GlobalSign: 4 Misissued certificates with invalid CN
GlobalSign: Misissuance of QWAC Certificates
Telia: Ambiguity on KeyUsage with ECC public key
Telia: Misissued certificate - Invalid wildcard format
GlobalSign: Wrong business category (Non Commercial Entity when should have been Private Organization)
GlobalSign Partner: No SAN
Telia: invalid IP value in SAN DNS field
Telia: Misissued certificate - Invalid OU value "-"