← Start Commercial (StartCom) Ltd. cases
Bugzilla #1409760 Certificate Misissuance

StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record

RESOLVED WONTFIX Start Commercial (StartCom) Ltd.
AI Summary

The case involves StartCom issuing a certificate for a domain (www.gazebear.online) that was incorrectly validated due to a CNAME record pointing to another domain with a restrictive CAA record. Despite communication with StartCom, the root cause of the misissuance was not identified initially. However, subsequent updates indicated that the issue was resolved with the installation of a new EJBCA release. Ultimately, StartCom announced its exit from the CA business.

Model: gpt-4o-mini Generated: 2026-06-13 17:12 UTC Confidence: 0.90
Chronology
  1. User reported CAA misissuance to StartCom.
  2. StartCom confirmed that the issue was fixed after system updates.
  3. StartCom announced exit from the CA business.
Participants
Quirin Scheitle Iñigo Gerv
External References
Original Bugzilla Case crt.sh dnsviz.net github.com
Similar Local Cases
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 52% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1420766 RESOLVED Certificate Misissuance Opened 2017-11-26 · Closed 2024-05-09 · 51% similar
Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1420860 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 50% similar
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1369359 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 49% similar
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
AI Summary CA Owner
#1409764 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 48% similar
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag
AI Summary CA Owner
#471702 RESOLVED Certificate Misissuance Opened 2008-12-31 · Closed 2022-11-14 · 48% similar
StartCom's key for bogus www.mozilla.com certificate should be destroyed
AI Summary CA Owner
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 48% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 48% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action