← Certigna cases
Bugzilla #1674082
Certificate Misissuance
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
RESOLVED
FIXED
Certigna
AI Summary
Certigna issued 76 certificates with validity periods exceeding the 398-day limit, primarily affecting French government services. The issue was identified on September 28, 2020, and the CA notified the national supervisory body, ANSSI, of the non-compliance and intention to revoke the certificates. Although many certificates were revoked promptly, some remained in use, leading to delays. The CA has since adjusted its certificate issuance practices to comply with the regulations and improve oversight.
Chronology
- Non-compliance identified and escalated.
- National supervisory body notified of non-compliance.
- Revocation of certificates began.
Participants
r.delval@certigna.com
ryan.sleevi@gmail.com
bwilson@mozilla.com
External References
Similar Local Cases
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client
Telekom Security: Certificate with invalid FQDN
Sectigo: Subject field with unvalidated information included in certificates
SSL.com: Wildcard DV certificate issued with a non-validated domain name
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
GDCA: Incorrect Value in organizationName Field
Certigna: TLS certificates with Basic constraint non-critical