← SwissSign AG cases
Bugzilla #1860750 Certificate Misissuance

SwissSign: EV code in JurisdiktionStateOrProvinceName

RESOLVED FIXED SwissSign AG
AI Summary

SwissSign AG identified a compliance issue regarding the use of ISO 3166-2 codes instead of the full names for the 'jurisdictionStateOrProvinceName' field in their EV certificates. This misissuance was discovered during an internal review initiated by an employee's query. Although the certificates were deemed non-compliant with EV Guidelines, the risk to the ecosystem was assessed as low since consumers typically do not scrutinize this field. SwissSign has since implemented corrective actions, including revocation of affected certificates and adjustments to their issuance processes.

Model: gpt-4o-mini Generated: 2026-06-13 20:49 UTC Confidence: 0.90
Chronology
  1. Internal employee raises question about EV jurisdictionStateOrProvinceName field
  2. Product manager discovers non-compliance and compliance incident raised
  3. Bugzilla posted and corrective actions initiated
Participants
raffaela.achermann@swisssign.com dzacharo@harica.gr roman.fischer@swisssign.com ryandickson@google.com bwilson@mozilla.com
External References
Original Bugzilla Case bugzilla.mozilla.org repository.swisssign.com www.ccadb.org bugzilla.mozilla.org
Related Bugzilla IDs Mentioned
#1861682
Similar Local Cases
#1888060 RESOLVED Certificate Misissuance Opened 2024-03-27 · Closed 2025-03-05 · 55% similar
GDCA: Issuance of SSL/TLS certificates with Non-critical Basic Constraints
AI Summary CA Owner
#1927384 RESOLVED Certificate Misissuance Opened 2024-10-28 · Closed 2025-01-29 · 54% similar
iTrusChina: Issuance of certificates using keys previously reported as compromised
AI Summary CA Owner
#1866091 RESOLVED Certificate Misissuance Opened 2023-11-22 · Closed 2023-12-11 · 54% similar
SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation
AI Summary CA Owner
#1895006 RESOLVED Certificate Misissuance Opened 2024-05-03 · Closed 2024-08-23 · 53% similar
IdenTrust: unintended creation of a Root CA certificate
AI Summary CA Owner
#1736064 RESOLVED Certificate Misissuance Opened 2021-10-15 · Closed 2023-02-22 · 53% similar
Sectigo: Subject field with unvalidated information included in certificates
AI Summary CA Owner
#1506607 RESOLVED Certificate Misissuance Opened 2018-11-12 · Closed 2023-02-22 · 53% similar
SwissSign: Misissuance of Intermediate Certificates because of incorrect organizationIdentifier
AI Summary CA Owner
#1569651 RESOLVED Certificate Misissuance Opened 2019-07-29 · Closed 2023-02-22 · 53% similar
SwissSign: Misissuance of Leaf Certificates because of incorrect postcode
AI Summary CA Owner
#1473971 RESOLVED Certificate Misissuance Opened 2018-07-06 · Closed 2023-02-22 · 52% similar
SwissSign: Domain validated certificate but with stateOrProvinceName
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action