← Telia Company cases
Bugzilla #1738207
Certificate Problem Report
Telia: Issued three precertificates with non-NIST EC curve
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company issued three precertificates using a non-NIST elliptic curve, which violated their internal policy. The issue was identified during a routine audit, leading to the immediate revocation of the precertificates. The root cause was traced to a misconfiguration in their CA policy settings, which has since been corrected. Telia has implemented a pre-linting solution to prevent similar issues in the future, ensuring compliance with certificate issuance standards.
Chronology
- Customer attempted to issue a certificate with a non-NIST EC curve.
- Issue discovered during internal audit; three precertificates revoked.
- Root cause identified and CA policy configuration fixed.
- Pre-linting solution implemented to prevent similar issues.
Participants
pekka.lahtiharju@teliasonera.com
ryandickson@google.com
bwilson@mozilla.com
External References
Similar Local Cases
Telia: Invalid email contact address was used for few domains
Telia: Certificates with RSA keys where modulus is not divisible by 8
Telia: Delayed revocation of 5 EE certificates in connection to id=1736020
Telia: AIA CA Issuer field pointing to PEM encoded cert
Telia: Two Intermediate CA certificates not listed in audit report
CFCA: The wrong status of OCSP
Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates
Telia: Disallowed curve (P-521) in leaf certificate