← Microsec Ltd. cases
Bugzilla #1622539
Certificate Problem Report
Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. issued two IVCP precertificates that lacked required fields: givenName, surName, and localityName. The issue was identified through discussions in the mozilla.dev.security.policy mailing list. Although the precertificates were expired and could not be revoked, Microsec suspended the issuance of IVCP certificates and implemented corrective measures, including software updates to ensure compliance with certificate profiles. The IVCP profiles were reactivated after training for Registration Officers, and the CA software is now functioning properly.
Chronology
- Two precertificates issued for internal testing.
- Microsec informed about the faulty precertificates.
- Incident report opened and IVCP profiles deactivated.
- New CA software release activated.
- IVCP profiles reactivated after training.
Participants
Wayne Thayer
Dr. Sándor SZŐKE
External References
Similar Local Cases
Microsec: CT Logging mistakes
Microsec: Late response to a CPR
Microsec: "DV valid" test website certificate issued under incorrect root
Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB
Microsec: Disallowed subject attribute field in DV certificate
MICROSEC: Incident report - No OCSP status response for 2 Precertificates
Microsec: Incorrect OCSP Delegated Responder Certificate
Microsec: Expired Certificates on test Pages for Revocation