Bugzilla #1674561
Certificate Misissuance
Microsoft PKI Services: DV certificate issued with OV fields
RESOLVED
FIXED
Microsoft Corporation
AI Summary
A DV certificate was incorrectly issued with Organization Validation (OV) fields due to a failure in a seldom-used workflow at Microsoft PKI Services. The issue was reported on October 31, 2020, and involved three certificates that were subsequently revoked. Microsoft has since implemented manual checks and is working on automating pre-issuance checks to prevent future occurrences. The resolution included deploying ZLint for additional validation checks.
Chronology
- Issue reported by george@fozzie.dev
- All impacted certificates revoked
- ZLint checking deployed for new subscriber certificate requests
Participants
George [:fozzie]
Dustin Hollenback
Ryan Sleevi
Ben Wilson
Similar Local Cases
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
Sectigo: Incorrect JOI for federal credit unions
eMudhra: emSign CA ECC Test Certificate Misissuance
SwissSign: Misissuance with misspellings in Location for a number of Certificates
Izenpe: certificate issued to internal domain
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed