Bugzilla #1706950
Certificate Misissuance
PKIoverheid: KPN issued Invalid organizationalUnitName
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The case involves a certificate misissued by KPN that contained an invalid organizationalUnitName. The issue was reported on April 22, 2021, and KPN took immediate action, informing the end customer and revoking the affected certificate shortly thereafter. A thorough investigation revealed that the misissuance was due to a human error during the validation process. KPN has since implemented additional validation checks and is in the process of enhancing its linting tools to prevent future occurrences. The situation has been resolved, and the necessary corrective measures have been put in place.
Chronology
- Issuance of certificate with invalid OU field
- Mis-issuance reported on Bugzilla
- KPN informed of the bug and internal investigation started
- Affected certificate revoked
- Pre-issuance linting tool rolled out in production
Participants
Michel Le Bihan
Jorik van 't Hof
David Weissenberg
Ryan Sleevi
Similar Local Cases
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD
Sectigo: Invalid stateOrProvinceName
Microsec: Certificate validity period greater than 398 days
Sectigo: Incorrect EV businessCategory
Microsoft PKI Services: Certificate Mis-Issuance, Locality Missing
DigiCert: DigiCert issued cert with CN too long
SwissSign: Invalid DNSName in SAN
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier