Bugzilla #1874196
Certificate Misissuance
SwissSign: difference in upper and lower case between CN field and SAN
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign identified a mis-issuance affecting 44 certificates in which the Common Name (CN) field and the Subject Alternative Name (SAN) differed in upper and lower case. Ben Wilson reported the problem, which led to an immediate investigation and revocation of the affected certificates. The root cause was a bug in the issuance workflow that allowed the process to continue despite negative linting results. A fix was implemented on February 20, 2024, and an automatic alarm system for future mis-issuances was successfully tested on March 19, 2024.
Chronology
- Implementation of the Update that introduced the bug
- First mis-issued certificate
- Last mis-issued certificate
- Fixing conversion of uppercase letters to lowercase letters in the interface
- Email from Ben Wilson received
- Compliance confirms mis-issuance and starts mis-issuance process
- Implement fix for bug
- Automatic alarm for mis-issuance process successfully tested
Participants
Sandy Balzer
Ben Wilson
Aaron Gable
Mathew Hodson
Similar Local Cases
SwissSign: S/MIME LCP not-permitted key usage
SwissSign: MPKI step-up process sets wrong JoI Locality
SwissSign: LDAP URL still in CRL distribution point (CDP)
SwissSign: S/MIME LCP: CN with values other than email address
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: Misissuance with mispellings in Location for a number of Certificates
SwissSign: modified fields were not saved into certificates and resulted in miss-issuance
SwissSign: Certificate with key length 4098 bit