← Telia Company cases
Bugzilla #1920659
Certificate Misissuance
Telia: S/MIME Certificate issued to expired domain
RESOLVED
FIXED
Telia Company
AI Summary
Telia Certificate Authority issued a Legacy OV S/MIME certificate for a domain that had expired validation. This incident affected one subscriber using a bespoke API, leading to the revocation of the certificate and the disabling of the API to prevent further misissuance. The root cause was identified as a manual configuration error that overlooked the domain validation reuse threshold during preparations for the S/MIME Baseline Requirements. Telia CA has since committed to improving its configuration management processes to prevent similar incidents in the future.
Chronology
- Subscriber sent certificate signing request to Telia CA API
- Telia CA identified expired domain validation and revoked the certificate
- Full incident report submitted
- Incident report closure summary provided
Participants
Antti Backman
External References
Similar Local Cases
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP
Telia: Certificates Issued with lower case value in subject:countryName
Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI
Telia: TLS certificates issued in violation of TLS BR v2.0.1
Telia: S/MIME certificates issued in violation of S/MIME BR v1.0.1
Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile
Telia: "Some-State" in stateOrProvinceName
Telia: invalid IP value in SAN DNS field