← Microsec Ltd. cases
Bugzilla #1676352
Certificate Misissuance
Microsec: Certificate validity period greater than 398 days
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. faced an incident involving the misissuance of two CISCO VPN server authentication certificates with a validity period exceeding 398 days. The certificates were issued on November 5 and 6, 2020, and were promptly revoked within 24 hours upon discovery. The root cause was identified as a missing component in their certificate profile management system, which was not updated during a server migration. Microsec has since implemented corrective actions, including a review of all certificate profiles and enhancements to their management system to prevent future occurrences.
Chronology
- First CISCO VPN server authentication certificate issued
- Second CISCO VPN server authentication certificate issued and both revoked
- Status report detailing corrective actions and system improvements
Participants
Michel Le Bihan
Dr. Sándor SZŐKE
Corey Bonnell
B. Wilson
Ryan Sleevi
External References
Similar Local Cases
Microsec: Non-BR-Compliant Certificate Issuance
Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
Microsec: Misissuance an EV TLS certificate without CPSuri
Microsec: Validity period greater than 825 days
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD
Microsec: Failure to revoke noncompliant ICA within 7 days
PKIoverheid: KPN issued Invalid organizationalUnitName