← HARICA cases
Bugzilla #1597135
Certificate Misissuance
HARICA: 3 EV TLS Certificates without L or ST
RESOLVED
FIXED
HARICA
AI Summary
HARICA identified three EV TLS certificates issued without the required localityName or stateOrProvinceName attributes during internal quality checks. The certificates were scheduled for revocation within five days, and an incident report was created detailing the issue and remediation steps. The root cause was linked to a misconfiguration of the certificate profile and misunderstanding among validation specialists regarding the requirements. All problematic certificates were revoked as planned, and measures were implemented to prevent future occurrences.
Chronology
- Discovery of misissued certificates during internal checks.
- Revocation of the first affected certificate and re-enabling of EV/QWAC issuance.
- Revocation of the remaining two affected certificates.
- All problematic certificates revoked as planned.
Participants
Dimitris Zacharopoulos
Ryan Sleevi
External References
Similar Local Cases
HARICA: S/MIME certificate issuance with incorrect commonName
HARICA: TLS Server certificate issuance without proper validation
HARICA: subject:organizationIdentifier using VATEL as a prefix for tax identifier
certSIGN: "Some-State" in stateOrProvinceName
Sectigo: State name in localityName
Telia: "Some-State" in stateOrProvinceName
NetLock: CN not in SAN
Entrust: Late mis-issue certificate revocation