Izenpe: certificate issued to internal domain
Izenpe S.A. reported a misissuance incident involving a certificate issued for an internal domain. The issue was detected by their internal monitoring system, which prompted immediate revocation of the affected certificate. The root cause was identified as a failure in the validation process, where the information in the Certificate Signing Request (CSR) did not match the application form. Izenpe has since implemented measures to prevent similar incidents, including requiring all customers to use their web application for certificate requests, which automates CSR generation and validation checks. The incident raised concerns about Izenpe's domain validation processes, leading to further scrutiny and the revocation of four certificates issued under the flawed manual validation method.
- Internal detection system warned about misissued certificate.
- Affected certificate was revoked.
- Izenpe required all customers to use the web application for requests.
- Izenpe enabled validation controls in their PKI software.
- Izenpe revoked four certificates issued under flawed validation.
- Integration of web application with PKI system completed.
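
The root cause above, a CSR whose contents did not match the application form and named an internal domain, is the kind of mismatch an automated pre-issuance check catches. The sketch below is an added example, not Izenpe's code. It assumes the names (subject CN and SAN entries) have already been extracted from the CSR, and the reserved-suffix list and sample names are constructed for illustration.

```python
import ipaddress

# Assumption (not from the page): special-use suffixes that are never publicly resolvable.
RESERVED_SUFFIXES = ("local", "localhost", "internal", "test",
                     "example", "invalid", "home.arpa")

def normalize(name):
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_internal(name):
    """True if a normalized name cannot be validated as a public identifier."""
    host = name[2:] if name.startswith("*.") else name
    try:
        return not ipaddress.ip_address(host).is_global  # private/reserved IP
    except ValueError:
        pass  # not an IP literal, treat as a DNS name
    if "." not in host:
        return True  # single-label host name such as "srv01"
    return any(host == s or host.endswith("." + s) for s in RESERVED_SUFFIXES)

def check_request(csr_names, form_names):
    """Compare names in the CSR with the application form.

    Returns (name, reason) findings; an empty list means the request may
    proceed to domain validation.
    """
    form = {normalize(n) for n in form_names}
    findings, seen = [], set()
    for raw in csr_names:
        name = normalize(raw)
        if name in seen:
            continue
        seen.add(name)
        if is_internal(name):
            findings.append((name, "internal-name"))
        elif name not in form:
            findings.append((name, "not-on-application-form"))
    # Names the applicant listed but the CSR omits are also a mismatch.
    for name in sorted(form - seen):
        findings.append((name, "on-form-but-missing-from-csr"))
    return findings

if __name__ == "__main__":
    # Constructed sample request, not data from the incident.
    csr = ["www.example.com", "intranet.corp.local", "SRV01",
           "10.0.0.5", "mail.example.com", "WWW.example.com."]
    form = ["www.example.com", "portal.example.com"]
    for name, reason in check_request(csr, form):
        print(f"REJECT {name}: {reason}")
```
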