← Autoridad de Certificacion Firmaprofesional cases
Bugzilla #1771715
Certificate Problem Report
Firmaprofesional: 2022 - StateorProvince field
RESOLVED
FIXED
Autoridad de Certificacion Firmaprofesional
AI Summary
Firmaprofesional identified issues with the 'stateOrProvince' field in some of its certificates, where the values did not match the actual provinces. The problem was first noted during an eIDAS audit on May 30, 2022. Following this, the CA took immediate steps to analyze the impact on TLS certificates and decided to revoke affected certificates within five days. By June 3, all problematic TLS certificates had been revoked. Firmaprofesional is implementing technical controls to prevent similar issues in the future, including the potential removal of the 'stateOrProvince' field from TLS certificates.
Chronology
- Issue identified during eIDAS audit.
- Decision made to revoke affected certificates.
- All affected TLS certificates revoked.
Participants
Maria Jose Prieto
External References
Similar Local Cases
Firmaprofesional: 2022 - SSL certificates issued with wrong Organization ID number
Firmaprofesional: Failure to revoke ICAs within 7 days: OCSP EKU
Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy
Firmaprofesional: Delayed preliminary response under BR 4.9.5 (Bug #2009941)
Firmaprofesional: Delayed revocation disclosure of TLS Subordinate CA certificate Secure Web 2024 in CCADB
Firmaprofesional: Incorrect publication of information for "Test Website - Revoked" URL in the CCADB.
Firmaprofesional: Non-audited, non-technically-constrained intermediate certificates