Bugzilla #1921598
Certificate Problem Report
KIR: Intermediate CA - SZAFIR Trusted CA3 - Certificate Policies extension - non-compliance
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
An incident was reported involving the incorrect issuance of an intermediate certificate by Krajowa Izba Rozliczeniowa S.A. (KIR). The Certificate Policies extension in the SZAFIR Trusted CA3 Intermediate CA was missing Reserved Certificate Policy Identifiers, which made it non-compliant with the S/MIME Baseline Requirements (S/MIME BR). This affected nearly 10,000 end-user certificates, which are critical for infrastructure and cannot be easily replaced. KIR has since updated its procedures and implemented additional checks to prevent future occurrences.
Chronology
- Incident reported by Rob Stradling.
- Preliminary investigation began.
- KIR acknowledged the need for delayed revocation.
- Closure summary submitted.
Participants
Piotr Grabowski
Rob Stradling
B. Wilson
Similar Local Cases
KIR: Intermediate CA - SZAFIR Trusted CA4 - Certificate Policies extension - non-compliance
KIR: Failure to disclose intermediate certificate within 7 days in ccadb
KIR: Failure to disclose intermediate certificate within 7 days in ccadb
KIR: Delayed revocation within seven (7) days for bug 1921598
KIR S.A.: Invalid organizationName
KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName
KIR S.A.: CN domain not in SAN
KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown