← Entrust cases
Bugzilla #1906470
Certificate Problem Report
Entrust: S/MIME mailbox address case mismatch between subject and subjectAltName
RESOLVED
FIXED
Entrust
AI Summary
Entrust identified a certificate problem involving two S/MIME certificates issued with a mailbox address case mismatch between the subject name and the subjectAltName. This issue was discovered during an internal investigation prompted by a pkilint error. The affected certificates were not expired or revoked at the time of detection. Entrust took immediate action to halt S/MIME certificate issuance and informed the subscribers of the impacted certificates. Both certificates were revoked within the required timeframe, and measures have been implemented to prevent similar issues in the future.
Chronology
- Internal notification of a pkilint error about potential certificate mis-issuance received.
- Investigation began; S/MIME certificate issuance halted.
- Two mis-issued S/MIME certificates identified.
- Both impacted certificates revoked.
- Pre-sign linting for S/MIME deployed.
Participants
Bruce Morton
External References
Similar Local Cases
Entrust: IP Address in dNSName form
Entrust: Test Website Certificates Expired
Entrust: SSL Certificates issued with Un-verified IP Addresses
Entrust: EV TLS Certificate incorrect jurisdiction
Entrust: S/MIME Certificate Issued with Incorrect Policy OID
Entrust: Printable String Constraint Failure
Entrust: Incorrect keyUsage for ECC certificate
Entrust: TLS Certificate issued with a key that is impacted by the Close Primes vulnerability