Bugzilla #1889570
Certificate Misissuance
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates
RESOLVED
FIXED
Netlock
AI Summary
NETLOCK was notified on April 3, 2024, that a TLS certificate issued by its 'NETLOCK Trust EV CA 3' intermediate certificate failed a zlint check due to the inclusion of a prohibited User Notice field. The investigation revealed that all affected certificates contained this field, which does not impact security or usability. NETLOCK initiated customer communication and planned the revocation of the misissued certificates, which was completed by May 1, 2024. The incident highlighted the need for improved internal monitoring processes to prevent future occurrences.
Chronology
- NETLOCK notified of TLS certificate issue
- Initial investigation started
- Customer communication began regarding the error
- All related certificates revoked
Participants
Tamás Horváth
Amir Aamidi
Ryan Dickson
B. Wilson
N. Nagy
Similar Local Cases
Entrust: Failure to revoke OV TLS - CPS typographical (text placement) error
ACCV: Certificates issued with cRLIssuer in CDP extension
Entrust: CPS typographical (text placement) error
GlobalSign: TLS OV Certificate containing unverified information
Telia: TLS certificates issued in violation of TLS BR v2.0.1
Entrust: EV TLS Certificate cPSuri missing
GlobalSign: EV certificate with wildcard domain in common name and SAN
NetLock: Non-BR-Compliant Certificate Issuance