Bugzilla #1689589
Certificate Problem Report
Telia: Disallowed curve (P-521) in leaf certificate
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company issued a leaf certificate using the disallowed P-521 elliptic curve, which violates Mozilla's security policies. The issue was identified through an incident report and subsequent internal audits. Telia took immediate corrective actions, including revoking the problematic certificate and enhancing their lint checking processes to prevent future occurrences. The bug in the ACME server that allowed this issue was fixed, ensuring that invalid certificate signing requests are now properly rejected.
Chronology
- Certificate created using Telia ACME solution
- Telia received incident report regarding the disallowed curve
- Incident evaluated and corrective actions initiated
- Bug in ACME server fixed to reject invalid CSRs
Participants
Rob Stradling
Pekka Lahtiharju
Ben Wilson
Similar Local Cases
Telia: Delayed revocation of seven (7) certificates related to incident 1896108
CFCA: CRL Error
Digicert: Preview certificate uploaded to CCADB instead of the actual certificate
Telia: Issued three precertificates with non-NIST EC curve
SSL.com: Entrust API and CAA checking
DigiCert: Incorrect CP listed in CCADB
Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB
Telia: Two Intermediate CA certificates not listed in audit report