← SECOM Trust Systems CO., LTD. cases
Bugzilla #1896596
Certificate Misissuance
SECOM: Certificates Issued with lower case value in subject:countryName
RESOLVED
FIXED
SECOM Trust Systems CO., LTD.
AI Summary
SECOM Trust Systems identified that 16 TLS server certificates were issued with a lowercase country code (C=jp) in the subject:countryName field. Although they believe this does not constitute a violation of the Baseline Requirements, they decided to revoke 140 certificates as a precautionary measure. SECOM has implemented a system change to ensure that future certificates will only use uppercase letters for country codes. They also plan to engage in discussions within the Definitions and Glossary Working Group to clarify the standards regarding country code capitalization.
Chronology
- SECOM notified of 16 TLS certificates with lowercase country code.
- Revocation of 140 certificates completed.
- System implementation to enforce uppercase country codes completed.
- SECOM posted on GitHub regarding country code capitalization.
Participants
SECOM Trust Systems - ONO Fumiaki
Mathew Hodson
Ryan Dickson
External References
Similar Local Cases
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ)
SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ)
Entrust: EV TLS Certificate cPSuri missing
SECOM: "Default City" in Subject:localityName
Telia: Certificates Issued with lower case value in subject:countryName
SECOM: Undisclosed intermediate certificates
SECOM: Mis-issued EV Certificates
SECOM: Unqualified domain name in SAN