← GlobalSign nv-sa cases
Bugzilla #1554259 Certificate Problem Report

GlobalSign: SPKI lacks explicit NULL parameter

RESOLVED FIXED GlobalSign nv-sa
AI Summary

GlobalSign identified a compliance issue involving eight unrevoked SSL certificates that lacked the required NULL parameter, violating RFC 3279. Upon notification, GlobalSign promptly revoked the affected certificates and began investigating the root cause. The issue stemmed from an encoding error in their CA platform, which did not properly include the NULL parameter. GlobalSign has since implemented a zlint check to prevent future occurrences and has updated their backend software to address the issue. The incident has been resolved, and no further certificates have been issued without the NULL parameter since the incident was reported.

Model: gpt-4o-mini Generated: 2026-06-13 18:14 UTC Confidence: 1.00
Chronology
  1. Received notification of problematic certificates
  2. Revoked the certificates
  3. Released updated zlint with new NULL parameter check
  4. Patched system with updated version of EJBCA
Participants
douglas.beattie@gmail.com ryan.sleevi@gmail.com brian@briansmith.org wthayer@fastly.com
External References
Original Bugzilla Case jira.primekey.se crt.sh
Similar Local Cases
#1575880 RESOLVED Certificate Problem Report Opened 2019-08-22 · Closed 2023-02-22 · 74% similar
GlobalSign: SSL Certificates with US country code and invalid State/Prov
AI Summary CA Owner
#1579413 RESOLVED Certificate Problem Report Opened 2019-09-06 · Closed 2022-11-14 · 73% similar
GlobalSign: OCSP Responder Returns invalid values for Some Precertificates
AI Summary CA Owner
#1536760 RESOLVED Certificate Problem Report Opened 2019-03-20 · Closed 2023-02-22 · 65% similar
GlobalSign: Virginia Tech Insufficient Serial Number Entropy
AI Summary CA Owner
#1622505 RESOLVED Certificate Problem Report Opened 2020-03-14 · Closed 2023-02-22 · 58% similar
GlobalSign: OCSP Status HTTP 530
AI Summary CA Owner
#1536831 RESOLVED Certificate Problem Report Opened 2019-03-20 · Closed 2023-02-22 · 58% similar
GDCA: Insufficient Serial Number Entropy
AI Summary CA Owner
#1538638 RESOLVED Certificate Problem Report Opened 2019-03-25 · Closed 2023-02-22 · 58% similar
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy
AI Summary CA Owner
#1579509 RESOLVED Certificate Problem Report Opened 2019-09-06 · Closed 2022-11-14 · 57% similar
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
AI Summary CA Owner
#1534429 RESOLVED Certificate Problem Report Opened 2019-03-11 · Closed 2023-02-22 · 57% similar
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action