Bugzilla #1888060
Certificate Misissuance
GDCA: Issuance of SSL/TLS certificates with Non-critical Basic Constraints
RESOLVED
FIXED
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))
AI Summary
Global Digital Cybersecurity Authority Co., Ltd. (GDCA) issued 20 SSL/TLS certificates between September 15 and October 8, 2023, in which the Basic Constraints extension was present but not marked as critical. The misissuance was identified following a Certificate Problem Report received on March 26, 2024. GDCA has since revoked the problematic certificates and updated its compliance monitoring processes. It has also committed to deploying additional linting tools to prevent similar issues in the future.
Chronology
- First problematic certificate issued.
- Last problematic certificate issued.
- Certificate Problem Report received.
- All problematic certificates revoked or expired.
- Closure summary provided.
Participants
capoc@gdca.com.cn
ryandickson@google.com
mathew.hodson@gmail.com
bwilson@mozilla.com
Similar Local Cases
IdenTrust: unintended creation of a Root CA certificate
GDCA: Incorrect Value in organizationName Field
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
SSL.com: Issuance of one Sponsored-Validated S/MIME certificate with organization information in givenName and surName of the subjectDN
SwissSign: EV code in JurisdiktionStateOrProvinceName
GDCA: Authentication of Organization Identity Failure for an OV Certificate
HARICA: S/MIME certificate issuance with incorrect commonName
FNMT: Misissuance of web site certificates without CA/Browser Forum’s reserved policy OID