← SwissSign AG cases
Bugzilla #1851164
Certificate Misissuance
SwissSign: S/MIME wrong key Usage
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported a mis-issuance of S/MIME certificates due to incorrect key usage settings. The issue was identified during an internal review shortly after the launch of a new sponsor-validated profile. A total of 106 certificates were mis-issued, with 102 still valid and 4 revoked. The CA promptly halted further issuance upon detection of the problem and has since revoked all affected certificates. Steps are being taken to improve communication and implement automated testing to prevent future occurrences.
Chronology
- Going live with new sponsor-validated S/MIME certificates
- Internal review detects mis-issuance
- Bugzilla report posted
Participants
Mike Guenther
Roman Fischer
B Wilson
External References
Similar Local Cases
SwissSign: S/MIME certificates deviate from CPR
SwissSign: MPKI step-up process sets wrong JoI Locality
SwissSign: S/MIME LCP: CN with values other than email address
SwissSign: Missed revocation and opening Bugzilla
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: wrong address in EV certificate
SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation
SwissSign: Certificate with key length 4098 bit