← Apple Inc. cases
Bugzilla #1777757
Certificate Misissuance
Apple: EV TLS pre-certificates issued without EKU extension
RESOLVED
FIXED
Apple Inc.
AI Summary
On July 1, 2022, Apple Public CA issued two EV TLS pre-certificates without an Extended Key Usage (EKU) extension, violating Baseline Requirements. The certificates were revoked shortly after issuance, and Apple identified a bug in their deployment process that led to this misconfiguration. A series of corrective actions were taken, including the implementation of a fix from their software vendor. The issue has since been resolved, and the CA continues to monitor for any further questions.
Chronology
- Two EV TLS pre-certificates issued without EKU extension.
- Certificates revoked after identification of the issue.
- Production environment upgraded to include the fix for the bug.
Participants
Apple CA
Mozilla
External References
Similar Local Cases
IdenTrust: Issuance of Subordinate CA’s Without EKU
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: test certificates inadvertently published in production environment
IdenTrust: Mis-Issued EV Certificates
NAVER Cloud Trust Services: Incorrect keyUsage for ECC certificate
Let's Encrypt: Mis-issued certificates related to SC48v2
FNMT: LDAP URI in CRL Distribution Points Extension
SHA-1 issuance by DocuSign root