← Telia Company cases
Bugzilla #1563575
Certificate Misissuance
Telia: Failure to disclose Unconstrained Intermediate within 7 Days
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company failed to disclose a self-signed root certificate, 'Telia Root CA v2', within the required seven days as mandated by Mozilla's policy. This oversight was identified after Mozilla created a bug report on July 4, 2019. Telia initially believed the situation did not constitute an incident, but later acknowledged the requirement for disclosure after discussions with Mozilla. The root certificate was eventually disclosed in CCADB on July 9, 2019, following a timeline of actions taken by Telia to address the issue. The incident report provided by Telia outlines the steps taken to ensure compliance with Mozilla's policies moving forward.
Chronology
- Telia created a new self-signed Root certificate.
- Mozilla created a bug regarding the failure to disclose the root certificate.
- Telia disclosed the new self-signed root CA in CCADB.
Participants
Ryan Sleevi
Pekka Lahtiharju
Wayne Thayer
External References
Similar Local Cases
Telia: Misissued certificate - invalid dnsName
Telia: "Some-State" in stateOrProvinceName
SECOM: Failure to disclose Unconstrained Intermediate within 7 Days
Telia: Non-BR-Compliant OCSP Responder
SECOM: "Default City" in Subject:localityName
NetLock: CN not in SAN
certSIGN: "Some-State" in stateOrProvinceName
Camerfirma: failure to revoke underscores