Bugzilla #1872374
Certificate Misissuance
HARICA: subject:organizationIdentifier using VATEL as a prefix for tax identifier
RESOLVED
FIXED
HARICA
AI Summary
HARICA identified the misissuance of three EV TLS Certificates that used 'VATEL' as the prefix of the 'subject:organizationIdentifier' value. This conflicts with the EV Guidelines, which require the ISO 3166-1 country code. Although Greek law allows the use of 'EL', the EV Guidelines mandate the use of 'GR'. Following community feedback, HARICA decided to revoke the affected certificates and update its policies to ensure compliance with both local law and the EV Guidelines. The situation highlights the complexities of aligning local regulations with international standards.
Chronology
- CP/CPS version 3.8 published introducing the organizationIdentifier attribute.
- HARICA receives guidance from the Greek eIDAS Supervisory Body on preferred prefixes.
- HARICA discloses the issue and seeks community feedback.
- HARICA decides to revoke the misissued certificates.
- Last misissued certificate revoked.
- HARICA proposes a new CA/B Forum ballot to amend the EV Guidelines.
Participants
Dimitris Zacharopoulos
Aaron
Clint
C. Clements
Similar Local Cases
HARICA: S/MIME certificate issuance with incorrect commonName
HARICA: TLS Server certificate issuance without proper validation
HARICA: 3 EV TLS Certificates without L or ST
Consorci AOC: Misissued certificates: commonName:organizationIdentifier attribute inclusion not conforming CABForum guidelines 1.6.9
DigiCert: Invalid Characters in S/MIME Subject Fields
Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile
SwissSign: EV code in JurisdiktionStateOrProvinceName
SwissSign: S/MIME NCP non ASCII symbols in email and SAN field wrong coding