← SSL.com cases
Bugzilla #1790693
Certificate Problem Report
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list.
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com reported an incident involving the issuance of an Extended Validation (EV) TLS certificate using a Registration/Incorporation Agency (IA) not listed in their approved public list. The issue was discovered during an internal review, leading to the revocation of the certificate on September 18, 2022. SSL.com has since implemented policy controls to ensure compliance with the approved IA list and conducted a thorough investigation, confirming no other affected certificates. The case has been resolved with updates provided throughout the process.
Chronology
- Initial Bugzilla report filed.
- Affected certificate revoked.
- Final incident report delivered.
- Bug closed.
Participants
secauditor@ssl.com
bwilson@mozilla.com
External References
Similar Local Cases
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
SSL.com: Failure to process CAA records from one SubCA
SSL.com: Delayed revocation of certificate with weak key
SSL.com: CAA Empty set handling results in Wildcard issuance
SSL.com: Incorrect Open MPIC Lambda implementation by EJBCA ACME Service
SSL.com: Intermediate certificate not listed in audit reports