Bugzilla #1391066
Policy Compliance
SwissSign: Non-BR-Compliant Certificate Issuance
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG faced issues with non-compliant certificate issuance, including certificates with metadata-only subject fields and negative serial numbers. The CA was required to address these problems to maintain its inclusion in Mozilla's Root Store. SwissSign has since implemented technical measures to prevent future occurrences and has revoked the problematic certificates. The CA has committed to regular updates and improvements in its problem reporting mechanisms.
Chronology
- SwissSign became aware of the first problem regarding SAN/subject disharmony.
- SwissSign revoked the last outstanding certificate with a negative serial number.
- SwissSign released a new version of its software addressing the outstanding issues.
- All relevant certificates were revoked.
Participants
Kathleen Wilson
Corneia Enke
Ryan Sleevi
Gervase Markham
Jonathan
Reinhard Dietrich
Similar Local Cases
SwissSign: BRs require full annual audits
Izenpe: Non-BR-Compliant Certificate Issuance
EDICOM: Signing SHA-1 OCSP responses with unconstrained certificate
QuoVadis: Non-BR-Compliant Certificate Issuance
GoDaddy: Non-BR-Compliant Certificate Issuance
SECOM: Non-BR-Compliant Certificate Issuance
Kamu SM: Non-BR-Compliant Certificate Issuance
Entrust: Non-BR-Compliant Certificate Issuance