← GoDaddy cases
Bugzilla #1577913
Certificate Problem Report
GoDaddy: Issues with State and Country fields
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy identified issues with the state and country fields in seven certificates, leading to incorrect ISO codes and misspellings. The problem was reported on August 19, 2019, prompting an investigation and subsequent revocation of the affected certificates by August 23. GoDaddy has since implemented a solution that includes a predefined list of acceptable states and jurisdictions, eliminating free text fields to prevent future errors. The new validation automation was deployed on October 1, 2019, and is now in effect globally for all certificates issued by GoDaddy.
Chronology
- Certificate problem report received.
- Investigation began and affected customers were contacted.
- All affected certificates revoked.
- New validation automation deployed.
Participants
Joanna Fox
Ryan Sleevi
Wayne Thayer
Derek Hood
External References
Similar Local Cases
GoDaddy: Insufficient serial number entropy
GoDaddy: Certificates issued with validity periods greater than 398-days
GoDaddy: failure to revoke underscores
QuoVadis: N/A in EV serialNumber field
SwissSign: CP/CPS certificate profile issue
Entrust: IP Address in dNSName form
GoDaddy: Failure to revoke certificate with compromised key within 24 hours
Sectigo: "Some-State" in stateOrProvinceName