Bugzilla #1705187
Certificate Problem Report
KIR S.A.: CN domain not in SAN
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
Krajowa Izba Rozliczeniowa S.A. (KIR) issued a certificate whose Common Name (CN) was not included in the Subject Alternative Name (SAN) field. The problem was identified shortly after issuance, leading to an investigation and the revocation of the certificate. KIR acknowledged that the lack of technical validation in its software was a contributing factor and has since updated its SSL certificate issuance procedures to prevent similar issues. The resolution involved deploying a patch that enhances pre-issuance checks.
Chronology
- Certificate issued with CN not in SAN
- Certificate revoked
- Solution deployed to production
Participants
Michel Le Bihan
Piotr Grabowski
Matthias
Ryan Sleevi
Elzbieta Wlodarczyk
Andrew Ayer
Ben Wilson
Similar Local Cases
KIR S.A.: Invalid organizationName
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName
KIR S.A.: Many certificates with OCSP Unknown
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown
e-commerce monitoring GmbH: CN domain not in SAN
KIR S.A.: Certificates issued greater than stated in CPS
Entrust: SSL Certificates issued with Un-verified IP Addresses
E-Tugra: Intermittent OCSP response with status 'Unknown'