Bugzilla #1865080
Certificate Problem Report
Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Certum issued 138 EV TLS certificates with an incorrect relative order of Subject attributes after the implementation of BR TLS 2.0.0. The issue was identified during a Bugzilla review on November 16, 2023, leading to a halt in certificate issuance and subsequent revocation of all affected certificates. The compliance team has since corrected the error and resumed issuance. A full incident report was published on November 23, 2023, detailing the timeline and actions taken.
Chronology
- Compliance team identifies mis-issuance of EV TLS certificates.
- Certum revokes all affected certificates.
- Full incident report published.
Participants
aleksandra.kurosz@assecods.pl
bwilson@mozilla.com
amir@aaomidi.com
dzacharo@harica.gr
kateryna.aleksieieva@assecods.pl
Similar Local Cases
Asseco DS / Certum: Incorrect OCSP response encoding
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates
Microsoft PKI Services: CA Certificates not published in DER Encoded Format
Entrust: CPR was not responded to in 24 hours
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
Buypass: Domain validation method using externally operated DNS tools
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment)
Asseco DS / Certum: Finding in Routine WebTrust Audit – S/MIME certificates issued with mailbox validation older than 30 days