← D-TRUST cases
Bugzilla #1861069
Certificate Problem Report
D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject
RESOLVED
FIXED
D-TRUST
AI Summary
D-Trust issued 17 DV certificates containing the 'serialNumber' field in the subject, which is an internal reference number. After identifying the issue, D-Trust halted DV certificate production, analyzed the situation, and corrected the DV profile. They revoked 15 certificates by the deadline, while 2 were revoked by customers prior to the incident's discovery. One certificate was not revoked on time, prompting further investigation. The root cause was a misinterpretation of the Baseline Requirements, leading to the incorrect inclusion of the 'serialNumber' field.
Chronology
- Entry into force of the provisions from Ballot SC62
- Preparation of new DV certificate profiles for rollover
- Decision to revoke affected certificates within 5 days
- Revocation of 14 remaining unrevoked deficient DV certificates
- Revocation of remaining affected certificate
- Request to check if the incident can be closed
Participants
Enrico Entschew
External References
Similar Local Cases
D-Trust: Missing Pre-Signing Linting for TLS Issuance
D-Trust: QCStatement with http link of PKI Disclosure Statements
D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access field
D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714
D-TRUST: incorrectly formatted businessCategory entry
D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName
D-TRUST: syntax error in one tls certificate
D-TRUST: Issuance of non-conformant SSL certificate