← Microsec Ltd. cases
Bugzilla #1886257
Certificate Misissuance
Microsec: Misissuance an EV TLS certificate without CPSuri
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. misissued an EV TLS certificate that lacked the required CPSuri link. The issue was reported via email, and due to delays in response, multiple incident reports were created to address the misissuance, delayed revocation, and failure to respond timely. Although the missing CPSuri does not affect the certificate's usability or security, it complicates access to policy information. Microsec has since revoked the misissued certificates and implemented corrective measures to prevent future occurrences.
Chronology
- Microsec received a report of a potentially misissued certificate.
- A second report was sent, prompting an internal investigation.
- Microsec issued a new EV TLS certificate with the correct CPSuri.
- All misissued certificates were revoked.
Participants
dr. Sándor SZŐKE
External References
Similar Local Cases
Microsec: Misissuance of one OV certificate with Key Usage KeyEncipherment
Microsec: Certificate validity period greater than 398 days
Microsec: Validity period greater than 825 days
Microsec: Failure to revoke noncompliant ICA within 7 days
Microsec: Non-BR-Compliant Certificate Issuance
Sectigo: Incorrect EV businessCategory
DigiCert: DigiCert issued cert with CN too long
NAVER Cloud Trust Services: Certificate issued with incorrect OCSP URI in AIA