← GlobalSign nv-sa cases
Bugzilla #1870276
Certificate Misissuance
GlobalSign: TLS OV Certificate containing unverified information
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign issued a TLS OV certificate containing unverified information in the subject fields on December 14, 2023. The certificate was revoked shortly after its issuance upon discovery of the mis-issuance. An internal investigation revealed that miscommunication between the support and vetting teams led to the issuance of the certificate despite instructions to prevent it. The incident prompted a review of procedures, resulting in updates to the Acceptable Use Policy and the establishment of a formal escalation process.
Chronology
- Certificate issued containing unverified information
- Certificate revoked upon discovery of mis-issuance
- Incident report submitted detailing the miscommunication
- Remedial actions completed and case prepared for closure
Participants
Eva Van Steenberge
Christophe Bonjean
Amir Aamidi
Mathew Hodson
B. Wilson
External References
Similar Local Cases
GlobalSign: EV certificate with wildcard domain in common name and SAN
GlobalSign: Incorrect RegNumber-Org Type combination
GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31
GlobalSign: Issuance of test certificate (pre-certificate) for EV SSL/QWAC with no EKU extension
GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName
GlobalSign: Wrong business category (Non Commercial Entity when should have been Private Organization)
Telia: TLS certificates issued in violation of TLS BR v2.0.1
SwissSign: MPKI step-up process sets wrong JoI Locality