← AC Camerfirma, S.A. cases
Bugzilla #1667430
Certificate Problem Report
Camerfirma: Invalid stateOrProvinceName field
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
A bug was reported regarding the issuance of certificates by Camerfirma that incorrectly used 'Italia' as a value for the stateOrProvinceName field, which is not compliant with the Baseline Requirements. The CA acknowledged a misunderstanding of the requirements and has since identified and revoked affected certificates. The revocation process is complicated due to the number of certificates involved and the critical nature of the services they support. A total of 1,000 certificates were affected, and the CA has committed to improving its oversight of SubCAs to prevent future occurrences.
Chronology
- Bug reported regarding invalid stateOrProvinceName.
- Camerfirma stopped issuing certificates with the affected profile.
- All affected certificates were revoked.
Participants
George [:fozzie]
Ana Lopes
Eusebio Herrera
Juan Angel Martin
Ryan Sleevi
Matthias
Paul Steinberg
External References
Similar Local Cases
Camerfirma: suspicious certificate for com.com
Camerfirma: certificate for unregistered domain cuatis.net
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Camerfirma: Incorrect OCSP Delegated Responder Certificate
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma: Old CAs with an RSA modulus size of 2047 bits
Camerfirma: MULTICERT certificates with a validity period greater than 825 days