← GlobalSign nv-sa cases
Bugzilla #1707073
Certificate Problem Report
GlobalSign: Invalid countryName
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
The issue reported involved a certificate issued by GlobalSign that incorrectly listed 'UK' as the country name. This was compounded by incorrect locality and state/province names. Upon discovery, GlobalSign promptly revoked the certificate and initiated an investigation. The investigation revealed that the problem stemmed from a misconfiguration during a data center migration, which led to the failure of the linting process that should have caught the error. GlobalSign has since implemented measures to enhance their linting processes and ensure compliance with their policies.
Chronology
- Bug reported regarding invalid countryName in certificate.
- Certificate revoked and investigation initiated.
- Initial findings indicate misconfiguration during data center migration.
- GlobalSign commits to deeper review and updates to configuration.
- Remedial activities concluded and monitoring processes implemented.
Participants
Michel Le Bihan
Eva Van Steenberge
Ryan Sleevi
Arvid Vermote
Matthias
External References
Similar Local Cases
GlobalSign: Invalid stateOrProvinceName and locality pair
GlobalSign: Invalid stateOrProvinceName value
GlobalSign: Failure to revoke noncompliant ICA within 7 days
GlobalSign: Failure to revoke noncompliant certificates within 5 days
GlobalSign: Failure to revoke noncompliant ICA within 7 days
GlobalSign: Untimely revocation of TLS certificate after submission of private key compromise
GlobalSign: Incorrect OCSP Delegated Responder Certificate
KIR S.A.: CN domain not in SAN