← AC Camerfirma, S.A. cases
Bugzilla #1685557
Certificate Problem Report
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
Camerfirma identified an issue with 286 certificates issued without the required CABForum OV Reserved Policy Identifier. The problem was detected on January 7, 2021, when the new version of zlint flagged errors during certificate issuance. Immediate actions were taken to halt the issuance of affected certificates, and a detailed incident report was provided. All affected certificates were revoked by January 13, 2021. The incident highlighted lapses in compliance with policy requirements and the need for improved quality control processes.
Chronology
- Detected issue with certificates lacking required Policy Identifier.
- Stopped issuance of affected certificate profiles.
- Revoked all affected certificates.
Participants
Ana Lopes
Mathew Hodson
Martin Ja
Eusebio Herrera
Paul Steinberg
External References
Similar Local Cases
Camerfirma: Invalid stateOrProvinceName field
Camerfirma: suspicious certificate for com.com
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma: Old CAs with an RSA modulus size of 2047 bits
Camerfirma: Incorrect OCSP Delegated Responder Certificate
Camerfirma: certificate for unregistered domain cuatis.net
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident