← GlobalSign nv-sa cases
Bugzilla #1836443
Certificate Misissuance
GlobalSign: Issuance of test certificate (pre-certificate) for EV SSL/QWAC with no EKU extension
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign issued a test EV SSL/QWAC pre-certificate without the necessary EKU extension due to a human error during the setup of a new service. The issue was identified by their post linter, leading to an immediate investigation and revocation of the mis-issued certificate. The incident was resolved with a full report provided by June 6, 2023, detailing the timeline and corrective actions taken. No certificate issuance to consumers had begun for the affected public CA at the time of the error.
Chronology
- Begin setup of profile for issuance for new service.
- Test certificate issuance occurred from public CA.
- Post linter reported mis issuance.
- Investigation started by compliance team.
- Revocation requested for pre-certificate.
- Pre-certificate revoked.
- Investigation fully completed.
Participants
Christophe Bonjean
Brett Wilson
External References
Similar Local Cases
GlobalSign: EV certificate with wildcard domain in common name and SAN
GlobalSign: TLS OV Certificate containing unverified information
GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31
GlobalSign: Incorrect RegNumber-Org Type combination
GlobalSign Partner: No SAN
GlobalSign: AT&T SSL certificates without the AIA extension
GlobalSign: 4 Misissued certificates with invalid CN