Bugzilla #1611458
Certificate Misissuance
Asseco DS / Certum: Invalid value in SAN dNSName
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. reported a misissuance of an SSL certificate where an IP address was incorrectly placed in the dNSName field instead of the iPAddress field. This issue was identified during an internal review, and the misissued certificate was revoked promptly. The CA has since implemented procedural changes to prevent recurrence, including a system fix and a commitment to stop issuing U-Labels in the Common Name field. The incident highlights the importance of validating dNSNames to avoid similar issues in the future.
Chronology
- Installed a new version of the certificate management application.
- Discovered a bug affecting SSL certificate issuance with IP addresses.
- Introduced a workaround for the identified bug.
- Identified the misissued certificate during an internal review.
- Revoked the misissued certificate.
- Planned installation of a system fix to prevent future misissuance.
- Moved to A-labels in the Common Name and removed all ZLint exceptions.
Participants
Wojciech Trapczyński
Ryan Sleevi
Wayne Thayer
Similar Local Cases
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
Asseco DS / Certum: EV Certificates issued with wrong Business Category
Telia: "Some-State" in stateOrProvinceName
Telia: Misissued certificate - invalid dnsName
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing
KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days
Entrust: Question marks in certificate O and L fields