← SwissSign AG cases
Bugzilla #1848854
Certificate Misissuance
SwissSign: S/MIME LCP: CN with values other than email address
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG identified a mis-issuance issue involving S/MIME certificates where the Common Name (CN) contained values other than email addresses. The problem was first reported by a customer on August 14, 2023, leading to an immediate investigation and subsequent emergency measures to halt further mis-issuances. A total of 300 mis-issued certificates were identified, with corrective actions including revocation and system improvements to prevent future occurrences. The issue was resolved with the implementation of a new S/MIME linter and enhanced validation processes.
Chronology
- Customer reported issue to SwissSign support.
- Emergency measures implemented to stop further mis-issuances.
- All affected certificates revoked.
- Patch to include external S/MIME linter deployed.
- Remediation confirmed complete.
Participants
Mike Guenther
Roman Fischer
Ben Wilson
External References
Similar Local Cases
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: Certificate with key length 16258
SwissSign: Missed revocation and opening Bugzilla
SwissSign: S/MIME wrong key Usage
SwissSign: Misissuance with mispellings in Location for a number of Certificates
SwissSign: Certificate with key length 4098 bit
SwissSign: S/MIME certificates deviate from CPR
SwissSign: S/MIME LCP not-permitted key usage