← Microsec Ltd. cases
Bugzilla #1889699
Certificate Problem Report
Microsec: Disallowed subject attribute field in DV certificate
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. reported a misissuance of DV certificates containing the SerialNumber extension, which is not permitted under current CABF BR requirements. Although the presence of this extension does not affect the usability or security of the certificates, it unnecessarily increases their size. Following the discovery, Microsec promptly initiated an investigation, revoked the affected certificates, and updated their certificate profiles to comply with the new standards. The incident was resolved efficiently, with no further issuance of DV certificates during the investigation period.
Chronology
- Microsec received notification about misissued DV certificates.
- Microsec revoked the misissued certificates and updated their certificate profiles.
- Confirmation that there are no open issues regarding the incident.
Participants
dr. Sándor SZŐKE
Mathew Hodson
Ryan Dickson
External References
Similar Local Cases
Microsec: Incorrect OCSP Delegated Responder Certificate
Microsec: "DV valid" test website certificate issued under incorrect root
Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields
MICROSEC: Incident report - No OCSP status response for 2 Precertificates
Microsec: Late response to a CPR
Microsec: CT Logging mistakes
Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB
Disig: Two certificates with same serial number