← Asseco Data Systems S.A. cases
Bugzilla #1409766 Certificate Misissuance

Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record

RESOLVED FIXED Asseco Data Systems S.A.
AI Summary

This case involved a misissuance of a certificate by Certum for the domain www.gazebear.online, which was a CNAME pointing to a domain with a restrictive CAA record. Certum issued the certificate despite the CAA record indicating that issuance should not occur. The issue was reported on October 16, 2017, and Certum acknowledged problems with CAA checking for subdomains. They implemented a fix and improved their CAA validation process, which was fully operational by September 11, 2018. The case was resolved with no further misissuances detected.

Model: gpt-4o-mini Generated: 2026-06-13 17:37 UTC Confidence: 0.90
Chronology
  1. Issue reported to Certum
  2. Automated CAA verification improvements deployed
Participants
Quirin Scheitle Wojciech Trapczyński Gervase Markham Arkadiusz Lawniczak Wayne Thayer Ryan Sleevi
External References
Original Bugzilla Case crt.sh dnsviz.net github.com
Similar Local Cases
#1420860 RESOLVED Certificate Misissuance Opened 2017-11-27 · Closed 2023-02-22 · 70% similar
Asseco DS / Certum: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN
AI Summary CA Owner
#1409764 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 60% similar
Asseco DS / Certum: CAA mis-issuance on critical flag and unknown CAA tag
AI Summary CA Owner
#1435770 RESOLVED Certificate Misissuance Opened 2018-02-05 · Closed 2023-02-22 · 59% similar
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
AI Summary CA Owner
#1462423 RESOLVED Certificate Misissuance Opened 2018-05-17 · Closed 2023-02-22 · 57% similar
NetLock: CN not in SAN
AI Summary CA Owner
#1428877 RESOLVED Certificate Misissuance Opened 2018-01-08 · Closed 2023-02-22 · 57% similar
SwissSign: Invalid DNSName in SAN
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 57% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1551375 RESOLVED Certificate Misissuance Opened 2019-05-14 · Closed 2023-02-22 · 56% similar
certSIGN: "Some-State" in stateOrProvinceName
AI Summary CA Owner
#1369359 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 56% similar
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action