← Asseco Data Systems S.A. cases
Bugzilla #1904494
Certificate Problem Report
Asseco DS / Certum: Cross-certificate not included in 2024 S/MIME Audit statement
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
Asseco Data Systems S.A. reported that a cross-certificate was unintentionally omitted from the 2024 S/MIME Audit statement, leading to a failure in the ALV check-up in CCADB. The incident did not affect certificate issuance. The root cause was identified as a lapse in the verification process during audit compilation, where the Compliance Team failed to accurately cross-reference the list of CA certificates. Action items have been established to prevent future occurrences, including the automation of the CA list generation for audits.
Chronology
- Preliminary incident report created.
- Confirmation received to re-issue the S/MIME Audit statement.
- Detailed incident report published.
- Script for additional verification of SHA256 fingerprints completed.
- Request made to close the bug.
Participants
Kateryna Aleksieieva
Ben Wilson
External References
Similar Local Cases
Asseco DS / Certum: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption
Asseco DS / Certum: DNS service outage
Asseco DS / Certum: Finding in Routine WebTrust Audit – S/MIME certificates issued with mailbox validation older than 30 days
Asseco DS / Certum: Organization Identifier and Country field discrepancies
Asseco DS / Certum: CRL URLs disclosed in CCADB do not exactly match the CRL URLs in certificates
Asseco DS / Certum: CRL non-conformance with the TLS BRs
Asseco DS / Certum: Irregularities in Xinchacha/Xcc Brand SSL Certificates
Asseco DS / Certum: commonName not from subjectAltName entries