← certSIGN cases
Bugzilla #1886624
Certificate Problem Report
certSIGN: Certificates with incorrect Subject attribute order
RESOLVED
FIXED
certSIGN
AI Summary
certSIGN issued 625 TLS certificates with an incorrect order of Subject attributes, violating BR section 7.1.4.2. Upon discovering the issue on March 18, 2024, certSIGN halted all TLS certificate issuance and began revoking affected certificates. The root cause was identified as a misconfiguration in their linter software, which failed to catch the error. Corrective actions included fixing the linter configuration and reviewing the software update testing process. All affected certificates have since been revoked and reissued.
Chronology
- certSIGN stopped issuance of TLS certificates after discovering the issue.
- certSIGN completed the search for affected certificates.
- certSIGN informed auditors and restarted issuance of TLS certificates.
- certSIGN revoked and reissued all affected certificates.
- certSIGN considered the bug resolved.
Participants
Gabriel PETCU
External References
Similar Local Cases
certSIGN: Missing certificate from the list of bad order subject attributtes
certSIGN: Incorrect data in stateOrProvinceName
certSIGN: delay in updating a Bugzilla ticket
certSIGN: certificates with delayed SCT signature
certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #4 – Expired cert with bad order of attributes
certSIGN: Delayed response to CPR
certSIGN: Delayed revocation
certSIGN: Non-BR-Compliant OCSP Responders