← SwissSign AG cases
Bugzilla #1569651
Certificate Misissuance
SwissSign: Misissuance of Leaf Certificates because of incorrect postcode
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported a misissuance of two leaf certificates due to an incorrect postal code configuration. The issue was identified during an internal review on July 25, 2019, leading to immediate actions including revocation of the affected certificates. The misconfiguration was attributed to human error in the operator template, which concatenated postal code and location fields. SwissSign has since abolished the exception process that allowed this error and confirmed that no other certificates were affected.
Chronology
- Issue detected during internal review
- Incident report published on Bugzilla
- Second certificate revoked
- Review completed, confirmed no other certificates affected
- All problematic certificates revoked or expired
Participants
Timo Schmitt
W. Thayer
Ryan Sleevi
Nathalie Weiler
External References
Similar Local Cases
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier
SwissSign: "Some-State" in stateOrProvinceName
SwissSign: Invalid DNSName in SAN
SwissSign: Domain validated certificate but with stateOrProvinceName
Entrust: Late mis-issue certificate revocation
E-Tugra: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
Amazon Trust Services: No Space In Private Organization
Disig: Non-BR-Compliant Certificate Issuance