Bugzilla #1796803
Certificate Problem Report
Sectigo: Issuance of ECC leaf certificates with non-DER encoded keyUsage
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified an issue with ECC leaf certificates whose keyUsage BIT STRINGs were encoded with an incorrect number of unused bits, making the encoding non-DER. Upon discovery, they promptly upgraded their preissuance linting system to prevent further misissuance. A comprehensive incident report is expected, detailing the scope of the problem and the measures taken to rectify it. The affected certificates were not revoked within the usual timeframe, leading to a separate bug being opened for further explanation.
Chronology
- Sectigo discovers issue with ECC leaf certificates.
- Sectigo accelerates upgrade of preissuance linting system.
- Sectigo provides updates on affected certificates.
- Discussion on closing the bug due to lack of further questions.
Participants
Rob Stradling
Ben Wilson
Ryan Dickson
Similar Local Cases
Sectigo: Failure to revoke ECC certificates with non-DER encoded keyUsage within 5 days
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: HTML encoded characters in subject attribute values
Sectigo: Certificates with RSA keys where modulus is not divisible by 8
Sectigo: S/MIME certificates with (null) string value in subject attributes
Sectigo: Non-existent hostname in CDP and AIA URLs
Sectigo: Incorrectly included registrationStateOrProvince in PSD-based cabfOrganizationIdentifier extension
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value