Bugzilla #1654896
Certificate Problem Report
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign identified an issue in which certain certificates were issued with RSA keys whose modulus size was not divisible by 8. The problem was first reported on July 17, 2020, leading to an internal investigation and the subsequent revocation of all affected certificates. A total of 38 certificates were found to have this issue, with the first issued on August 2, 2017, and the last on February 25, 2020. GlobalSign had already deployed a code fix blocking such key sizes on March 3, 2020, prior to the incident report.
Chronology
- Code fix blocking key sizes not divisible by 8 deployed.
- Certificate problem report received.
- Internal investigation completed and all certificates where modulus is not divisible by 8 revoked.
Participants
Arvid Vermote
Paul Steinberg
Ryan Sleevi
B. Wilson
Similar Local Cases
GlobalSign: Certificate issued to FQDN with malformed CAA
GlobalSign: Invalid stateOrProvinceName value
GlobalSign: Incorrect OCSP Delegated Responder Certificate
GlobalSign: Invalid stateOrProvinceName and locality pair
GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report
GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise
GlobalSign: Failure to revoke noncompliant ICA within 7 days
GlobalSign: Failure to revoke noncompliant certificates within 5 days