← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1573490 Certificate Problem Report

PKIoverheid: CIBG insufficient serial number entropy

RESOLVED FIXED Government of The Netherlands, PKIoverheid (Logius)
AI Summary

The PKIoverheid CA identified an issue with insufficient entropy in the serial numbers of TLS certificates issued by CIBG. The problem was first noted on March 8, 2019, leading to an investigation that revealed approximately 4,129 certificates were affected. CIBG transitioned to a private CA for TLS certificate issuance in December 2017, and all affected certificates were successfully revoked by October 2020. The issue stemmed from a misinterpretation of compliance requirements, which was acknowledged in the discussions.

Model: gpt-4o-mini Generated: 2026-06-13 18:19 UTC Confidence: 0.90
Chronology
  1. Investigation initiated after discussions in mozilla.dev.security.policy.
  2. CIBG confirmed the issue affected their certificates.
  3. CIBG completed revocation of affected certificates.
Participants
Jorik van 't Hof Wayne Thayer Ryan Sleevi Jochem van den Berge
External References
Original Bugzilla Case
Similar Local Cases
#1535871 RESOLVED Certificate Problem Report Opened 2019-03-16 · Closed 2023-02-22 · 80% similar
PKIoverheid: KPN Insufficient Serial Number Entropy
AI Summary CA Owner
#1649964 RESOLVED Certificate Problem Report Opened 2020-07-02 · Closed 2023-02-22 · 67% similar
PKIoverheid: Incorrect OCSP Delegated Responder Certificate
AI Summary CA Owner
#1610507 RESOLVED Certificate Problem Report Opened 2020-01-21 · Closed 2023-02-22 · 65% similar
PKIoverheid: TSP CPS lacks problem reporting instructions
AI Summary CA Owner
#1532399 RESOLVED Certificate Problem Report Opened 2019-03-04 · Closed 2023-02-22 · 61% similar
TrustCor: Insufficient Serial Number Entropy
AI Summary CA Owner
#1533774 RESOLVED Certificate Problem Report Opened 2019-03-08 · Closed 2023-02-22 · 61% similar
GoDaddy: Insufficient serial number entropy
AI Summary CA Owner
#1540315 RESOLVED Certificate Problem Report Opened 2019-03-29 · Closed 2023-02-22 · 59% similar
QuoVadis: LLB insufficient Serial Number Entropy
AI Summary CA Owner
#1448986 RESOLVED Certificate Problem Report Opened 2018-03-26 · Closed 2023-02-22 · 59% similar
Entrust: IP Address in dNSName form
AI Summary CA Owner
#1586860 RESOLVED Certificate Problem Report Opened 2019-10-07 · Closed 2023-02-22 · 58% similar
Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action