← Asseco Data Systems S.A. cases
Bugzilla #1567062
Certificate Problem Report
Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
The case involves Asseco Data Systems S.A. (Certum) and a reported inconsistency in the disclosure of an externally-operated intermediate certificate. The issue arose when it was found that the same subject and Subject Public Key Info (SPKI) were associated with two different Certificate Policies/Certification Practice Statements (CP/CPS) from different organizations. Asseco acknowledged the issue and took steps to correct the disclosures, ensuring that the audit and CP/CPS information was accurately represented. The case has been resolved with all questions answered and remediation completed.
Chronology
- Initial report of inconsistent disclosure
- Asseco confirmed fixes to the reported issues
- Final confirmation of remediation completion
Participants
Andrew Ayer
Wojciech Trapczyński
Ryan Sleevi
Wayne Thayer
External References
Similar Local Cases
Asseco DS / Certum: Intermediate CA certificates not listed in audit report
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours.
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment)
Asseco DS / Certum: IP in dnsName
Asseco DS / Certum: Corrupted certificates
Asseco DS / Certum: commonName not from subjectAltName entries
Asseco DS / Certum: Failure to revoke within 5 days