Bugzilla #1891225
Certificate Problem Report
D-Trust: Issuance of 15 certificates with incorrect subject attribute order
RESOLVED
FIXED
D-TRUST
AI Summary
D-Trust issued 15 TLS certificates from the Subordinate CA 'D-TRUST CA 2-2 EV 2016' with an incorrect order of subject attributes, violating TLS Baseline Requirements. After being notified of the issue, D-Trust halted production, corrected the configuration, and revoked the affected certificates. All customers were informed and supported in replacing their certificates. The incident led to the implementation of additional internal checks and the adoption of a second linter to ensure compliance with future standards.
Chronology
- Check of existing certificate profiles against Ballot SC62
- Entry into force of the provisions from Ballot SC62
- Email about potential violation of the BRs
- Start of investigation and stop of production
- All affected certificates were revoked
- Implementation of additional checks to cover changes of the BRs by SC62
- PKILint installed successfully in production system
- All measures implemented successfully
Participants
Leyla Sahin
Similar Local Cases
- D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject
- D-TRUST: incorrectly formatted businessCategory entry
- D-TRUST: Issuance of non-conformant SSL certificate
- D-TRUST: Certificate with RSA key where modulus is not divisible by 8
- D-TRUST: Wrong key usage (Key Agreement)
- D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access field
- D-TRUST: Wrong key usage (Key Encipherment)
- D-TRUST: Non-BR-Compliant Certificate Issuance