Bugzilla #1850171
Certificate Misissuance
SSL.com: S/MIME certificates issued prior to validation
RESOLVED
FIXED
SSL.com
AI Summary
SSL.com reported the issuance of 9 S/MIME certificates before the completion of the validation process. The issue was identified during routine validation tasks, prompting an internal investigation and subsequent actions to halt further mis-issuances. A root cause analysis revealed that reliance on a single developer for acceptance testing contributed to the incident. The software engineering team implemented fixes to prevent future occurrences, and all affected certificates were revoked by August 23, 2023.
Chronology
- Update of RA Portal for human review of identity validations
- Validation team noticed mis-issuance of certificates
- Revocation of all affected certificates completed
- Issue fully rectified and preventative measures implemented
Participants
secauditor@ssl.com
bwilson@mozilla.com
Similar Local Cases
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
SSL.com: Issuance of TLS certificates with domain validation methods prohibited by SC-45
SSL.com: Wildcard DV certificate issued with a non-validated domain name
SSL.com: Issuance of one Sponsored-Validated S/MIME certificate with organization information in givenName and surName of the subjectDN
Financijska agencija (Fina): Mis-issued certificates
GDCA: Incorrect Value in organizationName Field
Telekom Security: Certificate with invalid FQDN
GoDaddy: Edge Case for Data Reuse Outside of Timeframes