← AC Camerfirma, S.A. cases
Bugzilla #1692533
Certificate Problem Report
Camerfirma: Old CAs with an RSA modulus size of 2047 bits
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
Camerfirma identified an issue with old CAs that had an RSA modulus size of 2047 bits, which led to the issuance of 40,510 problematic certificates. The CA became aware of the issue on February 5, 2021, and took immediate action to stop issuing certificates with the flawed modulus. They provided clients with a new link to issue certificates from unaffected CAs and initiated a substitution process. The last problematic certificate was issued on February 12, 2021, due to a client error. The CA has committed to revoking affected certificates in batches, with the first batch scheduled for revocation on March 23, 2021.
Chronology
- Camerfirma informed about the issue by Michael Lettona.
- Last problematic certificate issued.
- First batch of affected certificates scheduled for revocation.
Participants
Ana Lopes
Eusebio Herrera
External References
Similar Local Cases
Camerfirma: Certificates without CABForum OV Reserved Policy Identifier
Camerfirma: Invalid stateOrProvinceName field
Camerfirma: suspicious certificate for com.com
Camerfirma: Incorrect OCSP Delegated Responder Certificate
Camerfirma: certificate for unregistered domain cuatis.net
Camerfirma: Unrevocation of MULTICERT SSL Certification Authority 001 certificate
Camerfirma: Failure to revoke within 7 days: OCSP EKU issue
Camerfirma: Invalid authorityKeyIdentifier - recurrent incident