Bugzilla #1914023
Certificate Misissuance
SwissSign: S/MIME LCP not-permitted key usage
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG reported a mis-issuance of two S/MIME LCP certificates due to the use of a legacy profile during the renewal process, resulting in non-permitted key usage. The issue was identified during an annual audit, leading to the immediate suspension of the email-based renewal process and the revocation of the affected certificates. All remediation actions have been completed, including the removal of the auto-renewal feature and the implementation of additional test coverage to prevent future occurrences.
Chronology
- First mis-issuance detected
- Last mis-issuance detected
- Bugzilla case posted
- Both affected certificates revoked
- Test coverage for profile changes implemented
Participants
Sandy Balzer
Ben Wilson
Similar Local Cases
SwissSign: Mis-Issuance of S/MIME certificates
SwissSign: difference in upper and lower case between CN field and SAN
SwissSign: LDAP URL still in CRL distribution point (CDP)
SwissSign: S/MIME LCP: CN with values other than email address
SwissSign: Misissuance with mispellings in Location for a number of Certificates
SwissSign: Certificate with key length 16258
SwissSign: S/MIME NCP non ASCII symbols in email and SAN field wrong coding
SwissSign: MPKI step-up process sets wrong JoI Locality