eMudhra: emSign CA ECC Test Certificate Misissuance

eMudhra Technologies Limited reported a misissuance of SSL/TLS certificates using the ECC algorithm, which incorrectly included key usage for key encipherment. The issue was identified on September 10, 2020, and was limited to four active test certificates. The CA took immediate corrective actions, including revoking the problematic certificates and updating their issuance procedures to prevent future occurrences. The incident was resolved with no impact on external customers, as the affected certificates were only for internal testing.

1. 2020-08-20 Configurations made for generating test certificates.
2. 2020-09-10 Problem reported regarding key usage issue.
3. 2020-09-11 New test certificates issuance completed and verified.
4. 2020-09-14 Incident analysis reviewed.
5. 2020-09-15 Analysis of misissuance completed.