Bugzilla #1866091
Certificate Misissuance
SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported the mis-issuance of an EV certificate caused by an oversight in its internal processes. One certificate was not selected for revocation because it was in a 'domain validation pending' state, and it was then issued with a code instead of the full jurisdiction name. The issue was identified during an internal audit, and the certificate was revoked shortly after. The root cause was linked to the new CA system's handling of certificate states, which did not account for pending requests. Corrective actions have been implemented to prevent future occurrences.
Chronology
- SwissSign employee raises a question about EV jurisdictionStateOrProvinceName field
- Developer notices mis-issued certificate and informs Compliance team
- Compliance confirms mis-issuance and starts revocation process
Participants
Roman Fischer
Similar Local Cases
SwissSign: MPKI step-up process sets wrong JoI Locality
SwissSign: S/MIME LCP: CN with values other than email address
SwissSign: S/MIME wrong key Usage
SwissSign: Missed revocation and opening Bugzilla
SwissSign: S/MIME certificates deviate from CPR
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: EV code in JurisdiktionStateOrProvinceName
SwissSign: Cert issued with a to long validity period