Bugzilla #1550575
Certificate Problem Report
Asseco DS / Certum: commonName not from subjectAltName entries
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. reported an incident involving the issuance of SSL certificates where the Common Name (CN) was not derived from the Subject Alternative Name (SAN) entries. The issue was identified during a routine review, leading to the discovery of two misissued certificates. The CA took immediate corrective actions, including blocking further issuance of such certificates and implementing a software fix. By July 2019, the CA successfully deployed a pre-issuance linting service to prevent future occurrences of this issue.
Chronology
- First certificate with CN not from SAN issued
- CA became aware of misissuances
- Pre-issuance linting deployed in production
Participants
Wojciech Trapczyński
Aleksandra Kapinos
Ryan Sleevi
Similar Local Cases
Asseco DS / Certum: Failure to revoke within 5 days
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours.
Asseco DS / Certum: Intermediate CA certificates not listed in audit report
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate
Asseco DS / Certum: IP in dnsName
Asseco DS / Certum: Incorrect localityName
Asseco DS / Certum: Cross-Certificates subject encoding discrepancy