Bugzilla #1762707
Certificate Misissuance
certSIGN: Subscriber precertificate without Certificate Policies
RESOLVED
FIXED
certSIGN
AI Summary
certSIGN identified a misissued precertificate that lacked the required Certificate Policies extension due to a bug in their CA software update. The issue was detected shortly after issuance on March 30, 2022, and the precertificate was revoked within 24 hours. The CA has since corrected the software bug and implemented measures to prevent future occurrences. Continuous monitoring of certificate issuance is ongoing, with updates provided to stakeholders.
Chronology
- Certificate for OV SSL issued with error
- Internal investigation started
- Analysis on process improvement started
- Issue reported as Bugzilla bug 1762707
- Planned update deployed in production environment
Participants
Michel Le Bihan
Gabriel Petcu
Valentin Necoara
Ben Wilson
Similar Local Cases
certSIGN: misissued an OV SSL certificate with no organizationName and localityName, instead of a DV SSL as requested by client
Sectigo: Invalid stateOrProvinceName
certSIGN: "Some-State" in stateOrProvinceName
Sectigo: Incorrect inclusion of DBA name
TWCA: CA certificate without EKU
SwissSign: Mis-Issuance of S/MIME certificates
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD