← SwissSign AG cases
Bugzilla #1731586
Certificate Misissuance
SwissSign: Certificate with key length 16258
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG identified a mis-issued S/MIME certificate with a key length of 16258 during an internal review, which violates Mozilla's root store policy. The issue was detected on September 20, 2021, leading to immediate corrective actions, including an emergency configuration change. The certificate was revoked on September 22, 2021, and additional controls were implemented to prevent similar incidents in the future. The root cause was attributed to human error during the configuration process.
Chronology
- Mis-issued certificate detected during internal review
- Certificate revoked
- Additional controls implemented
Participants
Mike Guenther
Matthias
Ben Wilson
External References
Similar Local Cases
SwissSign: Certificate with key length 4098 bit
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: S/MIME LCP: CN with values other than email address
SwissSign: Misissuance with mispellings in Location for a number of Certificates
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier
SwissSign: S/MIME LCP not-permitted key usage
SwissSign: wrong address in EV certificate
SwissSign: LDAP URL still in CRL distribution point (CDP)