Bugzilla #1883731
Certificate Misissuance
Actalis: Certificates issued with invalid RDN order
RESOLVED
FIXED
Actalis
AI Summary
Actalis identified a mis-issuance of 263 TLS EV certificates due to incorrect relative encoding order of the streetAddress attribute, violating the Baseline Requirements. Following an internal investigation initiated by a report on March 4, 2024, the CA halted the issuance of new certificates and confirmed the issue by March 11, 2024. All affected certificates were revoked by March 15, 2024. The root cause was attributed to a combination of software misconfiguration and insufficient linting checks, prompting Actalis to enhance their internal processes and linting practices.
Chronology
- Received report of potential issue affecting EV certificate.
- Confirmed mis-issuance and decided to revoke affected certificates.
- All affected certificates were revoked.
Participants
Marco Menonna
Ryan Dickson
Rebecca K
ChyaHung TWCA
Martijn Katerbarg
Similar Local Cases
Actalis: Issuance of certificate using keys previously reported as compromised
Actalis: Insufficient serial number entropy
Actalis: Issuance of intermediates after 2020-08-20 that do not comply with Mozilla Policy and the Baseline Requirements
Sectigo: Incorrect JOI Country value
ACCV: Certificates issued with cRLIssuer in CDP extension
Actalis: Certs issued with same issuer and serial number
Sectigo: Wrong usage of LEI records for the issuance of SMIME Certificates
Sectigo: EV Certificate issuance with incorrect subject:serialNumber attribute value