← GoDaddy cases
Bugzilla #1731939
Certificate Misissuance
GoDaddy: Issued EV Wildcard Certificate
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy issued an Extended Validation (EV) wildcard certificate on September 16, 2021, which violated the guidelines prohibiting such certificates. The issue was discovered on September 20, 2021, leading to an immediate investigation and subsequent revocation of the certificate. GoDaddy implemented several corrective measures, including disabling the acceptance of EV wildcard requests and enhancing their auditing processes to prevent future occurrences. All mitigation strategies have been completed, and the case is now resolved.
Chronology
- EV wildcard certificate issued
- Issue discovered and escalated
- Certificate revoked
- Mitigation strategies communicated and implemented
Participants
Brittany Randall
External References
Similar Local Cases
GoDaddy: Random Value Vulnerability in Domain Validation Method
GoDaddy: Misissuance of Cross Signed Certs
GoDaddy: Edge Case for Data Reuse Outside of Timeframes
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
SwissSign: Domain validated certificate but with stateOrProvinceName
SwissSign: S/MIME LCP: CN with values other than email address
SECOM: Mis-issued EV Certificates
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ)