Bugzilla #1664328
Policy Compliance
GlobalSign: SHA-256 hash algorithm used with ECC P-384 key
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign faced an issue where certificates issued by their ECC CloudSSL CA with a P-384 key were incorrectly signed using ECDSA with SHA-256 instead of the required SHA-384. This discrepancy was identified during an investigation triggered by an unrelated incident. GlobalSign acknowledged the problem and ceased issuance of affected certificates, implementing measures to ensure compliance with cryptographic standards. The incident was resolved with a commitment to enhance their compliance processes and historical data analysis capabilities.
Chronology
- Incident detected regarding incorrect signature algorithm.
- GlobalSign ceased issuance of certificates with incorrect algorithm.
- Bug closed after compliance improvements were implemented.
Participants
Rob Stradling
Arvid Vermote
Paul Brown
Ryan Sleevi
Ben Wilson
Similar Local Cases
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
TWCA: Policy OID not set to indicate the assurance level to the issued certs
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Firmaprofesional: 2020 Audit Report Finding 2 out of 4
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
Amazon Trust Services: CP/CPS does not specify key compromise methods