← Disig, a.s. cases
Bugzilla #1907667
Certificate Problem Report
Disig: Two certificates with same serial number
RESOLVED
FIXED
Disig, a.s.
AI Summary
Disig was notified of a potential issue involving the issuance of two certificates with the same serial number but different extension orders. This was identified through the existence of two pre-certificates. An investigation revealed that only one certificate was registered in their system, which complied with the uniqueness requirement for serial numbers. Disig proactively halted TLS certificate issuance until the root cause was identified, which was traced back to a configuration error in their new CA signing software. The issue was resolved, and the issuance of TLS certificates resumed after corrective measures were implemented.
Chronology
- Baseline Requirements for the Issuance and Management of Publicly‐Trusted Certificates Version 2.0.5 became effective.
- Disig issued a TLS pre-certificate and TLS certificate with the same serial number.
- Disig was notified of the issue regarding the duplicate serial number.
- Disig identified the root cause and halted TLS certificate issuance.
- New CA signing software was deployed to fix the issue.
- Disig considered the issue resolved and expected closure of the case.
Participants
Peter Miskovic
Mathew Hodson
Jozef Nigut
Ryan Dickson
Wayne
External References
Similar Local Cases
Disig: TLS certificate with basicConstraints not marked as critical
Disig: Certificates with invalid embedded SCT signature
Disig: Certificates with incorrect Subject attribute order
Disig: Missing CA Disig R2I2 Certification Service Full CRL URLs in CCADB
Disig CRL broken, mis-listed? / CA list CRL links need auditing.
Disig: Non-BR-Compliant OCSP Responders
certSIGN: Missing certificate from the list of bad order subject attributtes
Disig: Delayed Full Incident Report