Bugzilla #1915883
Certificate Misissuance
Sectigo: Missing data in cabfOrganizationIdentifier
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo identified a misissuance issue affecting five certificates due to a problem with the cabfOrganizationIdentifier extension. The issue arose from the parsing of the organizationIdentifier, which failed to account for hyphen-minus characters in the Registration Reference. Following the discovery, a patch was developed and deployed, and the affected certificates were revoked on September 3, 2024. The incident response was completed with all action items addressed, and monitoring for further questions is ongoing.
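The parsing failure described in the summary, sketched as an added example (not Sectigo's code): a splitter that breaks on every hyphen-minus is an assumed illustration of this class of bug, shown next to a parser that splits only at the first one and a round-trip check that the extension fields still match the subject value. All function names and sample identifiers are constructed for illustration.

```python
import re

# organizationIdentifier layout (CA/Browser Forum EV Guidelines):
# 3-char scheme, 2-char country, optional "+" and 2-char state/province,
# one hyphen-minus, then the Registration Reference, which may contain "-".
# The character classes below are a simplifying assumption.
_ORG_ID = re.compile(
    r"(?P<scheme>[A-Z]{3})(?P<country>[A-Z]{2})"
    r"(?:\+(?P<state>[A-Z0-9]{2}))?-(?P<reference>.+)"
)


def parse_naive(org_id):
    """Assumed bug class: split on every '-' and keep only the second piece."""
    prefix, reference = org_id.split("-")[:2]
    return {"scheme": prefix[:3], "country": prefix[3:5], "reference": reference}


def parse_org_id(org_id):
    """Split only at the first '-', so hyphens stay in the reference."""
    m = _ORG_ID.fullmatch(org_id)
    if m is None:
        raise ValueError(f"malformed organizationIdentifier: {org_id!r}")
    return m.groupdict()


def rebuild(fields):
    """Reassemble the subject attribute value from the extension fields."""
    state = "+" + fields["state"] if fields.get("state") else ""
    return f"{fields['scheme']}{fields['country']}{state}-{fields['reference']}"


def extension_matches_subject(org_id, fields):
    """Pre-issuance check: extension fields must round-trip to the subject value."""
    return rebuild(fields) == org_id


if __name__ == "__main__":
    # Constructed sample values, not taken from the affected certificates.
    for sample in ("NTRGB-12-345678", "NTRUS+CA-C1234567", "VATDE-123456789"):
        for parser in (parse_naive, parse_org_id):
            fields = parser(sample)
            ok = extension_matches_subject(sample, fields)
            print(f"{parser.__name__:13} {sample:18} match={ok} {fields}")
```

Running the round-trip check before signing flags any certificate whose extension would carry less data than the subject attribute.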
Chronology
- Received a recommendation to investigate 19 certificates.
- Identified issues with cabfOrganizationIdentifier extension.
- Deployed patch to issuance system.
- Revoked affected certificates.
- Requested closure of the bug.
Participants
Martijn Katerbarg
Ben Wilson
Similar Local Cases
Sectigo: SMIME issuance with insufficient validation of mailbox authorization or control
Sectigo: Incorrect inclusion of DBA name
Sectigo: Misspelled city name in localityName field
Sectigo: Incorrect JOI Country value
Sectigo: EV Certificate issuance with incorrect subject:serialNumber attribute value
Sectigo: Invalid stateOrProvinceName
Sectigo: Wrong usage of LEI records for the issuance of SMIME Certificates
Sectigo: Failure to revoke within 5 days