Bugzilla #1654544
Certificate Misissuance
GlobalSign: Use of Domain Validation Random Value for more than 30 days
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign identified a compliance issue where random values used for domain validation exceeded the 30-day limit set by the Baseline Requirements. This oversight allowed 78 domains to be validated with expired random values, leading to the issuance of 101 certificates over a two-week period. All affected certificates were revoked by July 17, 2020. The incident prompted a review of their processes, resulting in a commitment to update random values every 28 days to prevent future occurrences.
Chronology
- Reset all random values for legacy product.
- 30-day random value limit requirement came into effect.
- Script to reset random values failed.
- Script executed to update random values.
- All domains validated with expired RVs were reset.
- All certificates issued with expired RVs were revoked.
Participants
Arvid Vermote
Ryan Sleevi
Similar Local Cases
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31
GlobalSign: Wrong business category (Non Commercial Entity when should have been Private Organization)
GlobalSign: Incorrect RegNumber-Org Type combination
GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName
GlobalSign: EV certificate with wildcard domain in common name and SAN
DigiCert: Domain validation skipped
SECOM: Mis-issued EV Certificates
GlobalSign: 4 Misissued certificates with invalid CN