Bugzilla #1575022
Certificate Problem Report
Sectigo: EV SSL Certificates with incorrect subject details.
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified issues with EV SSL certificates that contained incorrect subject details, specifically regarding the Jurisdiction of Incorporation (JoI) and subject:serialNumber fields. Following reports from users, Sectigo began revoking affected certificates and implemented a series of code changes to prevent future misissuance. Despite challenges in timely updates and administrative errors causing delays in revocation, Sectigo has committed to improving their validation processes and has established a new approval team to enhance compliance with EV guidelines.
Chronology
- Initial report of incorrect subject details received.
- Detailed incident report provided by Sectigo.
- Commitment to improve documentation and validation processes.
- Code fix for data field overwriting scheduled for release.
- Identification of additional certificates with JoI errors.
- Final update indicating no further planned actions.
Participants
- Robin Alden
- Wayne Thayer
- Jeremy Rowley
- Ryan Sleevi
- Ben Wilson
Similar Local Cases
- Sectigo: Lack of input validation in stateOrProvinceName
- Sectigo: "Default City" in Subject:localityName
- Sectigo: "Some-State" in stateOrProvinceName
- Sectigo: Failure to revoke key-compromised certificates
- Sectigo: Mojibake in certificate Subject fields
- Sectigo: Failure to provide a preliminary report within 24 hours.
- Sectigo: EV SSL Certificates with incorrect businessCategory
- Sectigo: Non-revocation of certificates with subject:organizationalUnitName in DV certificates