← Sectigo cases
Bugzilla #1721271
Certificate Problem Report
Sectigo: Missing registration numbers in EV certificates
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified a problem with 47 EV certificates that were misissued due to missing registration numbers. The issue was reported by another CA on June 11, 2021, prompting an investigation that concluded with the revocation of the misissued certificates on June 16, 2021. The lack of an automated check for registration numbers against qualified information sources contributed to the error. Sectigo has since committed to implementing a QGIS matching project to prevent future occurrences, with a target deployment date of October 30, 2021.
Chronology
- Received report of 332 misissued certificates.
- Revoked 47 misissued certificates.
- Target deployment date for QGIS matching project.
Participants
Tim Callan
Ryan Sleevi
External References
Similar Local Cases
Sectigo: Mojibake in certificate Subject fields
Sectigo: Inadequate DCV
Sectigo: Misspellings in stateOrProvince or localityName fields
Sectigo: Incorrect locality information
Sectigo: DCV Reuse after 825 days
Sectigo: Failure to block disallowed LDH labels in domain names
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: CPR response issues