← GlobalSign nv-sa cases
Bugzilla #1759854
Certificate Problem Report
GlobalSign: Certificate issued to FQDN with malformed CAA
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign issued a DV TLS certificate for the domain unither.com, which contained a malformed CAA record that violated RFC 8659. The issue was reported on March 16, 2022, leading to an investigation that confirmed the misissuance of this certificate and 28 others. Remedial actions were taken, including revocation of the affected certificates and improvements to CAA verification logic. The case was resolved on April 7, 2022, after all necessary actions were completed.
Chronology
- Certificate problem report received
- Investigation confirmed misissued certificates
- All remedial activities completed
Participants
Christophe Bonjean
Ryan Sleevi
B. Wilson
External References
Similar Local Cases
GlobalSign: Organization-validated SMIME certificate with invalid organizationIdentifier for European country
GlobalSign: OCSP responder certificates with more than 64 characters in CN
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8
GlobalSign: CRLs reported in CCADB unavailable
GlobalSign: EV TLS certificate with only metadata in JOI State field
GlobalSign: Incorrect OCSP Delegated Responder Certificate
GlobalSign: Failure to revoke noncompliant certificates within 5 days
GlobalSign: misalignment of CRL URL in CCADB with issued certificates