← Government of Hong Kong (SAR), Hongkong Post, Certizen cases
Bugzilla #1804843
Certificate Problem Report
Hongkong Post: Subject CN converted to Unicode representation incident
RESOLVED
FIXED
Government of Hong Kong (SAR), Hongkong Post, Certizen
AI Summary
The Hongkong Post CA identified an issue where TLS certificates with Chinese domain names were incorrectly encoded, leading to zlint errors. Upon receiving a report, the CA promptly investigated and confirmed the problem, which affected eight certificates. They halted the issuance of new certificates with Chinese domain names and initiated a remediation process, including revocation of the affected certificates. The CA has since implemented an enhancement to their linting process to prevent similar issues in the future.
Chronology
- Received report of zlint error for a TLS certificate.
- Confirmed the encoding issue and triggered incident reporting.
- Deployed a fix and began re-issuing affected certificates.
- Revoked all concerned TLS certificates.
- Implemented enhancement for pre-certificate linting.
Participants
Man Ho
External References
Similar Local Cases
Hongkong Post: Certificates with invalid embedded SCT signature
Hongkong Post: TLS certificates with basicConstraints not marked as critical
Hongkong Post: Delayed response to CPR
Hongkong Post: TLS certificates with Certificate Policies extension that does not assert http scheme
Hongkong Post e-Cert CA 1 - 10 issuing certificates without subject alternative name extension
QuoVadis: BR Error - san dns name starts with period
Sectigo: Inadequate DCV
Telia: AIA CA Issuer field pointing to PEM encoded cert