← Sectigo cases
Bugzilla #1736064 Certificate Misissuance

Sectigo: Subject field with unvalidated information included in certificates

RESOLVED FIXED Sectigo
AI Summary

Sectigo identified a misissuance issue where OV and EV certificates contained the postOfficeBox subject field, which is not compliant with the EV Guidelines. The problem was discovered during an internal code review, leading to the revocation of 453 affected certificates. A code fix was deployed to prevent future issuance of such certificates. The affected certificates were scheduled for revocation on October 16, 2021, and the issue has since been resolved with the implementation of stricter validation checks.

Model: gpt-4o-mini Generated: 2026-06-13 20:57 UTC Confidence: 1.00
Chronology
  1. Internal code review reveals potential to issue certificates with postOfficeBox.
  2. Fix deployed.
  3. Investigation of corpus of certificates begins.
  4. Revocation of all affected certificates scheduled.
  5. Allowed Subject Fields release went live.
Participants
Tim Callan darkkiller@gmail.com matthias@thisisntrocket.science ryan.sleevi@gmail.com bwilson@mozilla.com
External References
Original Bugzilla Case
Similar Local Cases
#1711432 RESOLVED Certificate Misissuance Opened 2021-05-17 · Closed 2023-02-22 · 67% similar
Telekom Security: Certificate with invalid FQDN
AI Summary CA Owner
#1712120 RESOLVED Certificate Misissuance Opened 2021-05-20 · Closed 2023-02-22 · 64% similar
Sectigo: Inappropriate subject:serialNumber information in EV certificates obtained through ACME
AI Summary CA Owner
#1720744 RESOLVED Certificate Misissuance Opened 2021-07-15 · Closed 2023-02-22 · 64% similar
Sectigo: State name in localityName
AI Summary CA Owner
#1741026 RESOLVED Certificate Misissuance Opened 2021-11-13 · Closed 2023-02-22 · 64% similar
Sectigo: Incorrect JOI for federal credit unions
AI Summary CA Owner
#1715929 RESOLVED Certificate Misissuance Opened 2021-06-11 · Closed 2023-02-22 · 63% similar
Sectigo: Incorrect EV businessCategory
AI Summary CA Owner
#1710243 RESOLVED Certificate Misissuance Opened 2021-05-08 · Closed 2023-02-22 · 61% similar
Sectigo: Invalid stateOrProvinceName
AI Summary CA Owner
#1782356 RESOLVED Certificate Misissuance Opened 2022-07-30 · Closed 2023-02-22 · 61% similar
Sectigo: Misspelled city name in localityName field
AI Summary CA Owner
#1678720 RESOLVED Certificate Misissuance Opened 2020-11-20 · Closed 2023-02-22 · 58% similar
SSL.com: Wildcard DV certificate issued with a non-validated domain name
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action