← certSIGN cases
Bugzilla #1674886 Certificate Misissuance

certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client

RESOLVED FIXED certSIGN
AI Summary

certSIGN misissued an OV SSL certificate instead of a DV SSL certificate as requested by a client due to a human error during the issuance process. The error occurred when an RA operator selected the wrong pre-certificate profile, which went unnoticed by subsequent checks. Upon realization, certSIGN promptly revoked the misissued certificates and initiated an internal investigation. They have since implemented additional technical controls to prevent similar incidents in the future.

Model: gpt-4o-mini Generated: 2026-06-13 21:23 UTC Confidence: 0.90
Chronology
  1. Issue reported by client via email
  2. Certificates revoked and internal investigation started
  3. Pre-issuance checks updated to include zlint
Participants
Gabriel PETCU george@fozzie.dev bogdan.patrascu@certsign.ro ryan.sleevi@gmail.com bwilson@mozilla.com
External References
Original Bugzilla Case crt.sh crt.sh wiki.mozilla.org
Similar Local Cases
#1762707 RESOLVED Certificate Misissuance Opened 2022-04-02 · Closed 2023-02-22 · 59% similar
certSIGN: Subscriber precertificate without Certificate Policies
AI Summary CA Owner
#1736064 RESOLVED Certificate Misissuance Opened 2021-10-15 · Closed 2023-02-22 · 57% similar
Sectigo: Subject field with unvalidated information included in certificates
AI Summary CA Owner
#1678720 RESOLVED Certificate Misissuance Opened 2020-11-20 · Closed 2023-02-22 · 57% similar
SSL.com: Wildcard DV certificate issued with a non-validated domain name
AI Summary CA Owner
#1662382 RESOLVED Certificate Misissuance Opened 2020-09-01 · Closed 2023-02-22 · 57% similar
GDCA: Incorrect Value in organizationName Field
AI Summary CA Owner
#1724520 RESOLVED Certificate Misissuance Opened 2021-08-06 · Closed 2023-02-22 · 56% similar
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
AI Summary CA Owner
#1711432 RESOLVED Certificate Misissuance Opened 2021-05-17 · Closed 2023-02-22 · 55% similar
Telekom Security: Certificate with invalid FQDN
AI Summary CA Owner
#1623356 RESOLVED Certificate Misissuance Opened 2020-03-18 · Closed 2023-02-22 · 54% similar
GlobalSign: Misissuance of QWAC Certificates
AI Summary CA Owner
#1674082 RESOLVED Certificate Misissuance Opened 2020-10-29 · Closed 2023-02-22 · 54% similar
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action