← SSL.com cases
Bugzilla #1678720
Certificate Misissuance
SSL.com: Wildcard DV certificate issued with a non-validated domain name
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com reported a misissuance of a wildcard DV certificate due to a typographical error in the domain name. The issue was identified by a validation specialist immediately after the certificate was issued, leading to its revocation within minutes. An internal investigation confirmed that the misissuance was a result of a rare combination of access privileges and manual actions. SSL.com has since implemented technical measures to prevent similar occurrences in the future, and a thorough review found no other similar cases.
Chronology
- Certificate mis-issuance identified and revoked
- Initial Bugzilla report filed
- Final Bugzilla report filed
Participants
secauditor@ssl.com
bwilson@mozilla.com
ryan.sleevi@gmail.com
External References
Similar Local Cases
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
SSL.com: Issuance of TLS certificates with domain validation methods prohibited by SC-45
SSL.com: S/MIME certificates issued prior to validation
SSL.com: Issuance of one Sponsored-Validated S/MIME certificate with organization information in givenName and surName of the subjectDN
Telekom Security: Certificate with invalid FQDN
Sectigo: Subject field with unvalidated information included in certificates
certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client
GDCA: Incorrect Value in organizationName Field