Bugzilla #1719916
Certificate Problem Report
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com reported a misissuance of an EV TLS certificate due to an incorrect 'O' field value. The issue was first identified by a third party and led to an internal investigation. SSL.com took immediate corrective actions, including revocation of the incorrect certificate and implementation of improved validation controls to prevent future occurrences. A thorough review of potentially impacted certificates was conducted, resulting in the identification of one additional similar case. The investigation concluded with no further discrepancies found.
Chronology
- Two-person validation completed for EV TLS certificate issuance.
- Issue reported by third party; investigation initiated.
- Certificate revoked.
- Review of target population completed; no further similar cases found.
- Final report on the issue submitted.
Participants
secauditor@ssl.com
ryan.sleevi@gmail.com
bwilson@mozilla.com
Similar Local Cases
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list.
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate
SSL.com: CAA Empty set handling results in Wildcard issuance
SSL.com: Failure to process CAA records from one SubCA
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
SSL.com: Delayed revocation of certificate with weak key
SSL.com: DCV bypass and issue fake certificates for any MX hostname