Bugzilla #1651632
Certificate Misissuance
Microsec: Failure to revoke noncompliant ICA within 7 days
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. faced challenges in revoking noncompliant Intermediate Certificate Authority (ICA) certificates within the mandated 7-day period after being notified of misissued OCSP responder certificates. Although two affected ICA certificates were revoked promptly, two others could not be revoked due to significant user impact. The company worked on alternative solutions and ultimately revoked the misissued certificates and destroyed the affected keys under independent supervision. The incident was resolved with all affected certificates revoked and keys destroyed.
Chronology
- Microsec notified of misissued OCSP responder certificates.
- Bug filed regarding the failure to revoke noncompliant ICA.
- Microsec destroyed all affected ICA keys.
Participants
dr. Sándor SZŐKE
bwilson@mozilla.com
Similar Local Cases
Microsec: Misissuance an EV TLS certificate without CPSuri
Microsec: Certificate validity period greater than 398 days
Microsec: Validity period greater than 825 days
Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment
Microsec: Non-BR-Compliant Certificate Issuance
iTrusChina: Issuance of certificates using keys previously reported as compromised
Telia: Misissued certificate - wrong OrganizationName value "Hair 8 Brains"
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels