Bugzilla #1724458
Certificate Problem Report
Sectigo: Mojibake in certificate Subject fields
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified an issue where certificates contained Mojibake in Subject fields due to encoding errors. The problem was first discovered during an internal investigation on July 12, 2021, leading to the revocation of 41 affected certificates. Sectigo implemented a Character Set Review process to mitigate future occurrences and has since made several updates, including the introduction of an Exception List for commonly used words. The issue has been resolved with the deployment of automated checks to prevent misissuance.
Chronology
- Internal investigation reveals Mojibake in Subject fields.
- All known affected certificates revoked.
- Character Set Review process goes live.
- Mojibake exception list functionality deployed.
- Automatic pre-issuance check for disallowed Unicode characters deployed.
- Automated solution for blocking misissuance implemented.
Participants
Tim Callan
Ryan Sleevi
Nikola Maksimovic
Ben Wilson
Similar Local Cases
Sectigo: Misspellings in stateOrProvince or localityName fields
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: CPR response issues
Sectigo: ZeroSSL: failure to revoke within 24 hours
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value
Sectigo: Failure to provide a preliminary report within 24 hours.
Sectigo: Inadequate DCV