← Disig, a.s. cases
Bugzilla #1888104 Certificate Problem Report

Disig: TLS certificate with basicConstraints not marked as critical

RESOLVED FIXED Disig, a.s.
AI Summary

Disig identified a compliance issue with a TLS certificate that had the basicConstraints extension not marked as critical, violating TLS BR 7.1.2.7.6. Following the notification, Disig revoked the affected certificate and issued a new one. They also discovered seven additional certificates with the same issue. To prevent future occurrences, Disig has implemented zlint into their CA system for pre-issuance checks. The issue has been resolved, and the corrective actions have been completed.

Model: gpt-4o-mini Generated: 2026-06-13 21:21 UTC Confidence: 0.95
Chronology
  1. Disig notified about the non-compliance issue.
  2. Affected certificate revoked.
  3. zlint successfully implemented into production CA system.
Participants
Jozef Nigut Peter Miskovic Amir Aamidi Rob Stradling
External References
Original Bugzilla Case crt.sh crt.sh
Similar Local Cases
#1907667 RESOLVED Certificate Problem Report Opened 2024-07-12 · Closed 2024-08-17 · 69% similar
Disig: Two certificates with same serial number
AI Summary CA Owner
#2007132 RESOLVED Certificate Problem Report Opened 2025-12-19 · Closed 2026-02-11 · 68% similar
Disig: Certificates with invalid embedded SCT signature
AI Summary CA Owner
#1889672 RESOLVED Certificate Problem Report Opened 2024-04-04 · Closed 2024-06-01 · 64% similar
Disig: Certificates with incorrect Subject attribute order
AI Summary CA Owner
#2007066 RESOLVED Certificate Problem Report Opened 2025-12-19 · Closed 2026-01-20 · 59% similar
Disig: Missing CA Disig R2I2 Certification Service Full CRL URLs in CCADB
AI Summary CA Owner
#1398242 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 59% similar
Disig: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#2008972 RESOLVED Certificate Problem Report Opened 2026-01-07 · Closed 2026-01-28 · 58% similar
Disig: Delayed Full Incident Report
AI Summary CA Owner
#693915 RESOLVED Certificate Problem Report Opened 2011-10-12 · Closed 2022-11-14 · 57% similar
Disig CRL broken, mis-listed? / CA list CRL links need auditing.
AI Summary CA Owner
#1809382 RESOLVED Certificate Problem Report Opened 2023-01-10 · Closed 2023-09-29 · 56% similar
CFCA: Certificate with wrong crlDistributionPoints
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action