Bugzilla #1626078
Certificate Problem Report
Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs
RESOLVED
FIXED
Buypass
AI Summary
Buypass identified an issue with the cabfOrganizationIdentifier extension in their PSD2 Qualified Website Authentication Certificates (QWACs), where the NCA identifier was missing. This was reported by the PSD2 community, leading to an immediate investigation. Buypass acknowledged the issue and ceased issuance of the affected certificates. They implemented a fix and revoked all problematic certificates by April 4, 2020. The incident was resolved with no further complications reported.
Chronology
- Buypass received notification about the missing NCA identifier.
- Buypass implemented a fix in their test environment.
- The fix was deployed to production.
- All affected certificates were revoked.
Participants
Mads Henriksveen
Ryan Sleevi
Wayne Thayer
Similar Local Cases
Buypass: Intermediate certificates not listed in audit reports
Buypass: PSD2 QWAC with RSA modulus not divisible by 8
Buypass: Failure to revoke PSD2 QWACs within mandated 5 days
Buypass: Insufficient Serial Number Entropy
Buypass: Illegal Business Category in a PSD2 QWAC
Buypass: intermediate certificates not revoked within BR time period
Buypass: TLS certificates with incorrect Subject attribute order
Buypass: Domain validation method using not allowed domain contact