Bugzilla #1705647
Certificate Problem Report
KIR S.A.: Invalid organizationName
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
Krajowa Izba Rozliczeniowa S.A. (KIR) faced an issue with two certificates that incorrectly listed the `organizationName` as `Bank Testowy`. The problem was identified through a third-party report, which led to the revocation of the affected certificates. KIR acknowledged that the error stemmed from insufficient verification processes for internal orders. They have since implemented stricter validation measures and a blacklist for problematic field names to prevent future occurrences. The incident was resolved with the successful revocation of the certificates and improvements to their issuance process.
Chronology
- Bug created regarding invalid organizationName.
- Certificates were revoked.
- Changes successfully deployed to production.
Participants
Michel Le Bihan
Piotr Grabowski
Ryan Sleevi
Similar Local Cases
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName
KIR S.A.: CN domain not in SAN
KIR S.A.: Many certificates with OCSP Unknown
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown
KIR S.A.: Certificates issued greater than stated in CPS
KIR S.A.: O > 64 characters
KIR: Failure to disclose intermediate certificate within 7 days in ccadb
Asseco DS / Certum: Invalid stateOrProvinceName field (recurrent incident)