Bugzilla #1871393
Certificate Misissuance
Asseco DS / Certum: Delayed revocation of EV certificates
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. reported a delay in the revocation of 138 EV TLS certificates issued with an incorrect relative order of Subject attributes. The certificates were issued after September 15, 2023, and were not revoked within the required timeframe as specified in the Baseline Requirements. All affected certificates were ultimately revoked on November 21, 2023. The incident highlighted a misunderstanding of the revocation timeline, prompting a revision of internal procedures to ensure compliance in the future.
Chronology
- Investigation started
- Certum revoked all affected certificates
- Discussion in bug 1865080 led to the creation of this bug
Participants
Aleksandra Kurosz
B. Wilson
Kateryna Aleksieieva
Similar Local Cases
Asseco DS / Certum: S/MIME certificates with error in subjectAlternativeName
Asseco DS / Certum: Non-BR-Compliant Issuance - Debian Weak Keys
Asseco DS / Certum: EV Certificates issued with wrong Business Category
Dhimyotis / Certigna: Certificates issued with validity periods greater than 398-days
Asseco DS / Certum: EV certificate mis-issue
Asseco DS / Certum: Invalid value in SAN dNSName
SwissSign: Missed revocation and opening Bugzilla
SwissSign: S/MIME NCP non ASCII symbols in email and SAN field wrong coding