← MULTICERT cases
Bugzilla #1637093 Certificate Problem Report

Multicert: AIA CA Issuer field pointing to PEM encoded cert

RESOLVED FIXED MULTICERT
AI Summary

Multicert identified an issue where the CA certificate file linked in the Authority Information Access (AIA) of end entity certificates was incorrectly encoded in PEM format instead of the required DER format. This was reported on May 11, 2020, and after confirming the issue, Multicert replaced the CA certificate file with the correct DER encoded version within hours. No misissued certificates were reported, and the incident did not require revocation of any end user certificates. Multicert has since updated its procedures to ensure compliance with the DER format requirement.

Model: gpt-4o-mini Generated: 2026-06-13 21:11 UTC Confidence: 0.90
Chronology
  1. Notification received about incorrect PEM encoding
  2. Investigation confirmed the issue and resolution started
  3. CA certificate file replaced with DER encoded version
Participants
ca.forum@multicert.com bwilson@mozilla.com ryan.sleevi@gmail.com
External References
Original Bugzilla Case tools.ietf.org pki.multicert.com crt.sh groups.google.com
Similar Local Cases
#1534429 RESOLVED Certificate Problem Report Opened 2019-03-11 · Closed 2023-02-22 · 66% similar
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
AI Summary CA Owner
#1639794 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 57% similar
Let's Encrypt: Failure to revoke key-compromised certificate within 24 hours
AI Summary CA Owner
#1534429 RESOLVED Certificate Problem Report Opened 2019-03-11 · Closed 2023-02-22 · 57% similar
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
AI Summary CA Owner
#1639798 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 56% similar
GoDaddy: Failure to revoke key-compromised certificates within 24 hours
AI Summary CA Owner
#1636141 RESOLVED Certificate Problem Report Opened 2020-05-07 · Closed 2023-02-22 · 56% similar
SwissSign: failure to provide a preliminary report within 24 hours
AI Summary CA Owner
#1719916 RESOLVED Certificate Problem Report Opened 2021-07-09 · Closed 2023-02-22 · 55% similar
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
AI Summary CA Owner
#1722089 RESOLVED Certificate Problem Report Opened 2021-07-23 · Closed 2023-02-22 · 55% similar
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
AI Summary CA Owner
#1639804 RESOLVED Certificate Problem Report Opened 2020-05-21 · Closed 2023-02-22 · 55% similar
Sectigo: Failure to revoke key-compromised certificate within 24 hours
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action