Bugzilla #1871113 Self Incident Disclosure

SSL.com: Issuance of one Sponsored-Validated S/MIME certificate with organization information in givenName and surName of the subjectDN

RESOLVED FIXED SSL.com
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

SSL.com reported a compliance issue regarding the issuance of a Sponsored-Validated S/MIME certificate that incorrectly included organization information in the givenName and surName fields of the subjectDN. This incident was triggered when a subscriber used the bulk order tool incorrectly, leading to a violation of the CA's Certificate Policy. The affected certificate was issued on December 14, 2023, and was revoked shortly after the issue was identified on December 18, 2023. SSL.com has since implemented corrective actions, including updates to the bulk order tool and public documentation to prevent similar occurrences in the future. The case has been resolved with all action items completed.

Model: gpt-4o-mini · Generated: 2026-06-13 21:01 UTC · Revised: 2026-06-16 18:48 UTC · Confidence: 0.90 · 15 comments
Chronology
  1. A Sponsored-Validated S/MIME certificate was issued with incorrect subject information.
  2. The certificate was revoked after detection during a routine check.
  3. All action items related to the incident have been completed.
Thread Activity
  1. secauditor@ssl.com — SSL.com disclosed the incident and provided a detailed report of the events leading to the misissuance.
  2. secauditor@ssl.com — Guidance for bulk-ordering Organization-Validated S/MIME certificates was published.
  3. secauditor@ssl.com — A wizard was deployed to guide users through the bulk ordering process.
  4. secauditor@ssl.com — SSL.com requested closure of the report after completing all action items.
Participants
secauditor@ssl.com amir@aaomidi.com mathew.hodson@gmail.com bwilson@mozilla.com
Similar Local Cases
#1722089 RESOLVED Self Incident Disclosure Opened 2021-07-23 · Closed 2023-02-22 · 77% similar
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
#1932973 RESOLVED Self Incident Disclosure Opened 2024-11-22 · Closed 2025-04-07 · 72% similar
SSL.com: CAA Empty set handling results in Wildcard issuance
#1938236 RESOLVED Self Incident Disclosure Opened 2024-12-18 · Closed 2025-02-28 · 69% similar
SSL.com: Failure to process CAA records from one SubCA
#1894054 RESOLVED Self Incident Disclosure Opened 2024-04-29 · Closed 2024-07-03 · 69% similar
SwissSign: MPKI step-up process sets wrong JoI Locality
#1724520 RESOLVED Self Incident Disclosure Opened 2021-08-06 · Closed 2023-02-22 · 68% similar
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
#1750631 RESOLVED Self Incident Disclosure Opened 2022-01-17 · Closed 2024-06-30 · 68% similar
SSL.com: Issuance of TLS certificates with domain validation methods prohibited by SC-45
#1931636 RESOLVED Self Incident Disclosure Opened 2024-11-15 · Closed 2025-02-12 · 67% similar
SSL.com: Delay in publishing OCSP responses
#1678720 RESOLVED Self Incident Disclosure Opened 2020-11-20 · Closed 2023-02-22 · 66% similar
SSL.com: Wildcard DV certificate issued with a non-validated domain name
