Bugzilla #1876771
Certificate Misissuance
SwissSign: modified fields were not saved into certificates and resulted in miss-issuance
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG identified a bug in their new web shop integration that caused modifications to regulated fields in certificates to not be saved, leading to the mis-issuance of 11 TLS certificates. The issue was reported internally, prompting an immediate investigation and the suspension of certificate issuance. The root cause was quickly identified, and a mitigation strategy was implemented, switching from the OV to EV RAO process to ensure compliance. All mis-issued certificates have since been revoked.
Chronology
- Internal report received about the issue
- Bugzilla case posted
- All mis-issued certificates revoked
Participants
Sandy Balzer
Similar Local Cases
SwissSign: difference in upper and lower case between CN field and SAN
SwissSign: MPKI step-up process sets wrong JoI Locality
SwissSign: S/MIME LCP not-permitted key usage
SwissSign: S/MIME NCP non ASCII symbols in email and SAN field wrong coding
SwissSign: LDAP URL still in CRL distribution point (CDP)
SwissSign: wrong address in EV certificate
SwissSign: Cert issued with a to long validity period
SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation