← Certigna cases
Bugzilla #1709896
Certificate Misissuance
Certigna: certificates issued with 2 SCT
RESOLVED
INVALID
Certigna
AI Summary
Certigna issued 126 SSL certificates with only 2 Signed Certificate Timestamps (SCTs), failing to comply with Apple's requirement for certificates with a lifetime between 181 and 398 days to include 3 SCTs. The issue was identified on May 6, 2021, following a tweet that highlighted the non-compliance. Certigna halted the issuance of SSL certificates upon confirming the problem and is working on replacing the non-compliant certificates. While some participants noted that this may not constitute a compliance failure, Certigna is committed to rectifying the situation and improving their processes to prevent future occurrences.
Chronology
- Problem identified and reported to technical teams
- Halted SSL certificate issuance
- Communication with registration authority to stop validation
- Deployment of changes to comply with SCT requirements
Participants
Josselin Allemandou
Rob
Clint
Andrew
Ryan Sleevi
External References
Similar Local Cases
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
Certigna: TLS certificates with Basic constraint non-critical
Certigna: Issuance without respecting CAA records
E-Tugra: Invalid DER results in failure to comply with RFC 5280 - Violating string length limit
Sectigo: Incorrect EV businessCategory
DigiCert: Domain validation skipped
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD