Bugzilla #1836694
Certificate Misissuance
Hongkong Post: Invalid EV cert businessCategory
RESOLVED
FIXED
Government of Hong Kong (SAR), Hongkong Post, Certizen
AI Summary
Hongkong Post issued an Extended Validation (EV) certificate to Tung Wah Group of Hospitals with the business category incorrectly set to 'Government Entity'. This categorization was challenged because Tung Wah is a private organization established by legislation, not a government department. The CA acknowledged the misissuance and initiated a corrective process, including reissuing the certificates with the correct designation of 'Private Organization'. The issue has been fully remediated, and measures have been implemented to prevent recurrence.
Chronology
- Bug reported regarding incorrect business category on EV certificate.
- CA identified the problem and began remediation.
- CA deployed changes to correct the business category.
- CA confirmed full remediation of the issue.
Participants
lee_yiu_chung@yahoo.com
manho@certizen.com
rob@sectigo.com
bwilson@mozilla.com
Similar Local Cases
CFCA: certificate with an incorrect OrganizationName
iTrusChina: Issuance of certificates using keys previously reported as compromised
IdenTrust: unintended creation of a Root CA certificate
Hongkong Post / Certizen: Failure to report misissuance
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
NAVER Cloud Trust Services: DV Certificate issued with improperly validated
FNMT: Misissuance of web site certificates without CA/Browser Forum’s reserved policy OID
SSL.com: Wildcard DV certificate issued with a non-validated domain name