← Asseco Data Systems S.A. cases
Bugzilla #1709392
Certificate Problem Report
Asseco DS / Certum: Invalid stateOrProvinceName field (recurrent incident)
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. (Certum) faced issues with certificates containing invalid 'stateOrProvinceName' fields, leading to a recurrent incident. The problem was first reported on May 4, 2021, and involved multiple certificates, some issued before and others after a related bug was filed. Certum acknowledged the issue and took steps to improve their validation processes, including implementing two-party verification and automated address verification. They also committed to revoking affected certificates and enhancing their quality control measures.
Chronology
- Initial report of invalid stateOrProvinceName fields.
- Certum began analysis and confirmed the need for revocation of affected certificates.
- Revocation of five certificates with invalid fields.
- Revocation of additional certificates identified during further analysis.
Participants
George [:fozzie]
Aleksandra Kurosz
Ryan Sleevi
Michel Le Bihan
External References
Similar Local Cases
Asseco DS / Certum: Failure to provide a preliminary report within 24 hours.
Asseco DS / Certum: Incorrect localityName
Asseco DS / Certum: Incorrect localityName
Asseco DS / Certum: Failure to revoke within 5 days
Asseco DS / Certum: Failure to revoke intermediate certificates within the BR time period
Asseco DS / Certum: Invalid stateOrProvinceName field
KIR S.A.: Invalid organizationName
DigiCert: Invalid localityName