← D-TRUST cases
Bugzilla #1647468
Certificate Problem Report
D-TRUST: Wrong key usage (Key Encipherment)
RESOLVED
FIXED
D-TRUST
AI Summary
D-TRUST reported a certificate misissuance where a certificate was incorrectly issued with 'keyEncipherment' instead of 'keyAgreement'. The issue was identified through internal quality checks shortly after issuance, leading to the certificate's revocation within hours. D-TRUST halted all certificate issuance from the affected CA until the configuration was corrected. A thorough analysis was conducted, and steps were taken to prevent future occurrences, including a commitment to submit a pull request to the ZLint team to address the underlying issue.
Chronology
- Certificate with wrong key usage issued
- Certificate revoked
- Internal quality checks initiated
- Production resumed after configuration correction
- Contacted ZLint team regarding the issue
- Case closure proposed
Participants
Enrico Entschew
Ryan Sleevi
B. Wilson
External References
Similar Local Cases
D-TRUST: Certificate with RSA key where modulus is not divisible by 8
D-Trust: Notice to affected Subscriber and person filing CPR not sent within 24 hours
D-TRUST: EV certificates with incorrectly used businessCategory entry
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714
D-TRUST: Precertificate OU > 64 Characters
D-TRUST: incorrectly formatted businessCategory entry
D-TRUST: Non-BR-Compliant Certificate Issuance
D-TRUST: Wrong key usage (Key Agreement)