← GlobalSign nv-sa cases
Bugzilla #1782391
Certificate Misissuance
GlobalSign: EV certificate with wildcard domain in common name and SAN
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign issued an EV TLS certificate that incorrectly included a wildcard domain in both the common name and SAN fields. The issue was identified on July 30, 2022, following a system notification. An investigation confirmed the mis-issuance, leading to a series of corrective actions including revocation of the certificate and implementation of additional validation checks to prevent future occurrences. The problem stemmed from a code bug that allowed the wildcard to pass initial validation due to whitespace in the common name field. Remedial measures have been completed, and monitoring processes have been enhanced.
Chronology
- Certificate warning message received.
- Investigation started by compliance team.
- Confirmed mis-issuance and initiated replacement process.
- Certificate revoked.
- Latest platform release deployed, concluding remedial activities.
Participants
Christophe Bonjean
B. Wilson
External References
Similar Local Cases
GlobalSign: TLS OV Certificate containing unverified information
GlobalSign: Issuance of test certificate (pre-certificate) for EV SSL/QWAC with no EKU extension
GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName
GlobalSign: Incorrect RegNumber-Org Type combination
GlobalSign: 4 Misissued certificates with invalid CN
GlobalSign: Use of Domain Validation Random Value for more than 30 days
ACCV: Certificates issued with cRLIssuer in CDP extension
Globalsign / AlphaSSL: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN