Bugzilla #1369359 Certificate Misissuance

StartCom: mis-issuance of certs with unvalidated domain names and bogus field values

RESOLVED FIXED Start Commercial (StartCom) Ltd.
AI Summary

StartCom Ltd. was reported for issuing certificates with unvalidated domain names and incorrect field values. The incident arose from testing related to Certificate Transparency (CT) logging, which led to the creation of fake certificates that were immediately revoked. StartCom acknowledged the issue and provided a report detailing the incident and remediation steps taken to prevent future occurrences. The certificates in question were not part of the legitimate issuance process and were only for testing purposes.

Model: gpt-4o-mini Generated: 2026-06-13 15:00 UTC Confidence: 0.90
Chronology
  1. Initial report of mis-issued certificates
  2. StartCom responds and explains the situation
  3. Discussion on potential overlap with another bug
Participants
Gervase Markham, Inigo Szczygłowski, Ryan Sleevi
External References
Similar Local Cases
#1386891 RESOLVED Certificate Misissuance Opened 2017-08-02 · Closed 2023-02-22 · 64% similar
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 57% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 56% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
#1391055 RESOLVED Certificate Misissuance Opened 2017-08-16 · Closed 2023-02-22 · 56% similar
Microsec: Non-BR-Compliant Certificate Issuance
#1390991 RESOLVED Certificate Misissuance Opened 2017-08-16 · Closed 2023-02-22 · 56% similar
Disig: Non-BR-Compliant Certificate Issuance
#1369342 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 56% similar
StartCom: 'un-revoking' intermediate certificates
#1391056 RESOLVED Certificate Misissuance Opened 2017-08-16 · Closed 2023-02-22 · 55% similar
NetLock: Non-BR-Compliant Certificate Issuance
#1462797 RESOLVED Certificate Misissuance Opened 2018-05-18 · Closed 2023-02-22 · 51% similar
E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
