Bugzilla #1708965
Certificate Problem Report
KIR S.A.: Certificates issued greater than stated in CPS
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
Krajowa Izba Rozliczeniowa S.A. (KIR) identified an issue where certificates were issued with a validity period that exceeded the maximum stated in their Certification Practice Statement (CPS). Specifically, certificates had a validity period of 1 year plus 1 second, contrary to the updated CPS limit of 398 days. KIR became aware of the issue through internal audits and third-party reports. They have since ceased issuing such certificates and are in the process of replacing the affected certificates, with a commitment to resolve the situation promptly.
Chronology
- BR update - Certificates issued SHOULD NOT have a Validity Period greater than 397 days.
- CPS review started in relation to Bug 1705904.
- KIR informed by a third party about the issue.
- New CPS published limiting validity period to 398 days.
Participants
Piotr Grabowski
Ryan Sleevi
Jesper Kristensen
Brett Wilson
Similar Local Cases
KIR S.A.: Invalid organizationName
KIR S.A.: CN domain not in SAN
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName
KIR S.A.: Many certificates with OCSP Unknown
KIR: Failure to disclose intermediate certificate within 7 days in ccadb
KIR: Failure to disclose intermediate certificate within 7 days in ccadb
Let's Encrypt: certificate lifetimes 90 days plus one second