← Entrust cases
Bugzilla #1906467
Certificate Misissuance
Entrust: S/MIME mailbox address not in subjectAltName
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified a mis-issuance of an S/MIME certificate where a mailbox address in the subject commonName was not included in the subjectAltName, violating S/MIME Baseline Requirements. The issue was detected through post-issuance linting, leading to a halt in S/MIME certificate issuance and the revocation of the impacted certificate within the required timeframe. Entrust has since implemented pre-sign linting to prevent similar occurrences in the future.
Chronology
- Email received indicating a linting error about a mailbox address not found in SAN.
- Investigation confirmed mis-issuance and halted S/MIME certificate issuance.
- The mis-issued certificate was revoked.
- Pre-sign linting for S/MIME deployed.
Participants
Bruce Morton
Aaron Gable
Matthias
External References
Similar Local Cases
Entrust: Subscriber provides private key with CSR
Entrust: S/MIME OrgID Country not matching C field
Entrust: Late mis-issue certificate revocation
Entrust: Jurisdiction Locality Wrong in EV Certificate
Entrust: Business Entity not permitted in CPS
Entrust: CPS typographical (text placement) error
Entrust: Issued Certificates to incorrect Organization
Entrust: Question marks in certificate O and L fields