← Google Trust Services LLC cases
Bugzilla #1809864 Certificate Misissuance

Google Trust Services: Mis-issued certificates for citi.com subdomain due to lack of CAA record checking

RESOLVED INVALID Google Trust Services LLC
AI Summary

Google Trust Services LLC issued two certificates for the subdomain bt-preview.citicards.citi.com despite an existing CAA record that should have prevented this. The certificates were revoked at the request of Citi. An investigation revealed that the CAA record was in place at the time of issuance, suggesting a potential misconfiguration by someone with control over the DNS settings. Google Trust Services concluded that their issuance process was compliant with the relevant standards and closed the case as invalid.

Model: gpt-4o-mini Generated: 2026-06-13 21:33 UTC Confidence: 0.90
Chronology
  1. Initial report of mis-issued certificates
  2. Google Trust Services concluded investigation
  3. Google Trust Services proposed to close the case as invalid
  4. Citi confirmed closure of the matter
Participants
Mark Penny James Longmore
External References
Original Bugzilla Case crt.sh www.rfc-editor.org wiki.mozilla.org pki.goog
Similar Local Cases
#1532842 RESOLVED Certificate Misissuance Opened 2019-03-06 · Closed 2023-02-22 · 49% similar
Google Trust Services: 63 bit serial numbers in some certificates
AI Summary CA Owner
#1724520 RESOLVED Certificate Misissuance Opened 2021-08-06 · Closed 2023-02-22 · 41% similar
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
AI Summary CA Owner
#1876771 RESOLVED Certificate Misissuance Opened 2024-01-26 · Closed 2024-02-08 · 40% similar
SwissSign: modified fields were not saved into certificates and resulted in miss-issuance
AI Summary CA Owner
#1785865 RESOLVED Certificate Misissuance Opened 2022-08-18 · Closed 2024-05-09 · 40% similar
NAVER Cloud Trust Services: DV certificate issued with no subject alternative name extension
AI Summary CA Owner
#1908128 RESOLVED Certificate Misissuance Opened 2024-07-16 · Closed 2024-08-28 · 40% similar
NAVER Cloud Trust Services: Certificate issued with incorrect OCSP URI in AIA
AI Summary CA Owner
#1552586 RESOLVED Certificate Misissuance Opened 2019-05-17 · Closed 2023-02-22 · 40% similar
GlobalSign: 4 Misissued certificates with invalid CN
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 40% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1409766 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2023-02-22 · 40% similar
Asseco DS / Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action