← Deutsche Telekom Security GmbH cases
Bugzilla #1875820 Certificate Problem Report

Telekom Security: TLS certificates with basicConstraints not marked as critical

RESOLVED FIXED Deutsche Telekom Security GmbH
AI Summary

Deutsche Telekom Security GmbH reported an issue with 816 TLS certificates that were issued without marking the basicConstraints as critical, violating BR 7.1.2.7.6. The error was identified during routine checks and was attributed to an oversight of changes in the TLS BR version 2.0.0. Although the incident did not lead to any security breaches or customer complaints, the affected customers were informed and asked to revoke the certificates. A delayed revocation was later decided for critical infrastructures that could not replace the certificates in time. All affected certificates have since been revoked.

Model: gpt-4o-mini Generated: 2026-06-13 21:25 UTC Confidence: 0.95
Chronology
  1. Error message found during weekly checks
  2. Decision made to delay revocation for critical infrastructures
  3. All affected certificates revoked
  4. zlint updated in production environment
Participants
Arnold Essing Stefan Kirch
External References
Original Bugzilla Case bugzilla.mozilla.org
Similar Local Cases
#1655698 RESOLVED Certificate Problem Report Opened 2020-07-28 · Closed 2023-02-22 · 68% similar
Telekom Security: CRL also contained unrevoked certificates
AI Summary CA Owner
#1914383 RESOLVED Certificate Problem Report Opened 2024-08-22 · Closed 2024-12-11 · 66% similar
Telekom Security: CRL-Entries with wrong CRL Reason Codes
AI Summary CA Owner
#1705791 RESOLVED Certificate Problem Report Opened 2021-04-16 · Closed 2023-02-22 · 59% similar
Telekom Security: Multiple commonName in certificates
AI Summary CA Owner
#1703528 RESOLVED Certificate Problem Report Opened 2021-04-07 · Closed 2023-02-22 · 59% similar
Telekom Security: Key Encipherment in two ECC SAN TLS certificates
AI Summary CA Owner
#1675314 RESOLVED Certificate Problem Report Opened 2020-11-04 · Closed 2023-02-22 · 59% similar
Telekom Security: Wrong jurisdiction entries in certificates
AI Summary CA Owner
#2011238 RESOLVED Certificate Problem Report Opened 2026-01-19 · Closed 2026-03-17 · 57% similar
Telekom Security / DFN: CRL of “DFN-Verein Certification Authority 2“ contains empty revoked certificate list
AI Summary CA Owner
#2004668 RESOLVED Certificate Problem Report Opened 2025-12-08 · Closed 2026-01-20 · 57% similar
Telekom Security: Root-CA certificates published in PEM encoded format
AI Summary CA Owner
#1825780 RESOLVED Certificate Problem Report Opened 2023-03-31 · Closed 2023-07-05 · 57% similar
Telekom Security: Improper use of a domain validation method
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action