Bugzilla #1777128
Certificate Misissuance
GoDaddy: Misissuance of Cross Signed Certs
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy reported the misissuance of two cross certificates on June 22, 2022, which incorrectly used GeneralizedTime encoding instead of the required UTCTime encoding. This violation of the Baseline Requirements was identified through internal linter checks shortly after the certificates were generated. The misissued certificates were revoked on June 27, 2022, and GoDaddy has since updated its certificate generation process to prevent future occurrences. The issue was isolated to these two certificates, and no subscriber certificates were affected.
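The kind of check a linter applies to this class of error, as an added example (not GoDaddy's linter and not code from the bug): it walks the DER of a certificate to the Validity field and flags GeneralizedTime on dates that RFC 5280 section 4.1.2.5 requires to be UTCTime (through 2049). It assumes the affected field was Validity, which the summary does not state; the function names, the skeletal certificate structure and the dates are constructed for illustration.

```python
# Added example: lint certificate Validity time encoding (RFC 5280, section 4.1.2.5).
UTCTIME, GENERALIZEDTIME = 0x17, 0x18

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content octets of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def lint_validity(cert_der):
    """Return findings for notBefore/notAfter that break the UTCTime/GeneralizedTime rule."""
    _, cert, _ = read_tlv(cert_der, 0)
    tbs = children(children(cert)[0][1])
    if tbs[0][0] == 0xA0:  # optional [0] EXPLICIT version
        tbs = tbs[1:]
    findings = []  # tbs is now: serialNumber, signature, issuer, validity, ...
    for name, (tag, val) in zip(("notBefore", "notAfter"), children(tbs[3][1])):
        text = val.decode("ascii")
        if tag == GENERALIZEDTIME and int(text[:4]) <= 2049:
            findings.append(f"{name}: GeneralizedTime {text}; UTCTime required through 2049")
        elif tag not in (UTCTIME, GENERALIZEDTIME):
            findings.append(f"{name}: unexpected tag 0x{tag:02x}")
    return findings

def tlv(tag, value):
    """Encode a short-form DER TLV; only used to build the constructed samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_cert(validity):
    """Skeletal unsigned certificate structure with placeholder fields (constructed)."""
    times = b"".join(tlv(tag, text.encode()) for tag, text in validity)
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 2
    return tlv(0x30, tlv(0x30, tbs + tlv(0x30, times)))

# Constructed dates, not the validity periods of the certificates in this case.
BAD = sample_cert([(0x18, "20220622000000Z"), (0x18, "20320622000000Z")])
GOOD = sample_cert([(0x17, "220622000000Z"), (0x18, "20500101000000Z")])
```

Run before signing, on the to-be-signed structure, a check like this blocks issuance; run afterwards it can only report a certificate that then has to be revoked.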
Chronology
- Misissued two cross certificates with incorrect time encoding
- Revoked the misissued certificates
- Reported the issue in Bugzilla
- Completed updates to the certificate generation process
Participants
daryn@godaddy.com
brittany@godaddy.com
jcristau@mozilla.com
release-mgmt-account-bot@mozilla.tld
bwilson@mozilla.com
Similar Local Cases
GoDaddy: Edge Case for Data Reuse Outside of Timeframes
FNMT: Missisuance of web site certificates without CA/Browser Forum’s reserved policy OID
GoDaddy: Random Value Vulnerability in Domain Validation Method
GoDaddy: Improper DER results in failure to comply with RFC 5280 - Invalid characters in PrintableString
Camerfirma: certificate with an incorrect OrganizationName
Sectigo: Subject field with unvalidated information included in certificates
HARICA: S/MIME certificate issuance with incorrect commonName
GoDaddy: Issued EV Wildcard Certificate