QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17)

QuoVadis issued several Qualified Web Authentication Certificates (QWAC) that incorrectly included the Organisationidentifier field, which was not compliant with the CA/Browser Forum's guidelines. The issue was identified during an audit, leading to the revocation of four certificates. The revocation process faced delays due to potential business impacts on clients, particularly because of certificate pinning by a regulatory entity. QuoVadis has since restored compliance and is implementing additional controls to prevent future occurrences.

1. 2019-06-06 Issue identified verbally
2. 2019-06-07 First certificate revoked
3. 2019-06-18 Second certificate revoked
4. 2019-07-02 Third and fourth certificates revoked
5. 2019-07-10 Compliance education on revocation process initiated
6. 2019-07-30 Compliance communicated revocation requirements
7. 2019-08-10 Remediation confirmed complete