← Sectigo cases
Bugzilla #1917405
Certificate Misissuance
Sectigo: S/MIME OV Mis-issuance
RESOLVED
FIXED
Sectigo
AI Summary
This case involves a reported misissuance of an S/MIME certificate by Sectigo for the Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. The complainant highlighted issues with the state and organization identifier fields in the certificate, claiming they did not comply with S/MIME baseline requirements. Sectigo acknowledged the concerns but defended their issuance, stating that the identifiers were correct according to their interpretation of the regulations. They agreed to revoke the certificates as a precaution while discussions about the clarity of the requirements continue.
Chronology
- Initial complaint filed regarding S/MIME certificate misissuance.
- Sectigo acknowledged the complaint and began investigation.
- Sectigo concluded investigation, marking the issue as not an incident.
- Sectigo requested to close the bug after determining the need for clarification in the SBRs.
Participants
Q Misell
Martijn Katerbarg
Erin Shepherd
Roman Fischer
External References
Similar Local Cases
Sectigo: Wrong usage of LEI records for the issuance of SMIME Certificates
Sectigo: EV Certificate issuance with incorrect subject:serialNumber attribute value
Sectigo: Incorrect JOI Country value
Sectigo: Misspelled city name in localityName field
Sectigo: Incorrect JOI
Sectigo: SMIME issuance with insufficient validation of mailbox authorization or control
Sectigo: Incorrect inclusion of DBA name
Sectigo: Missing data in cabfOrganizationIdentifier