← Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) cases
Bugzilla #1922906
Certificate Misissuance
FNMT: LDAP URI in CRL Distribution Points Extension
RESOLVED
FIXED
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)
AI Summary
The Government of Spain's FNMT issued 759 SSL/TLS certificates that incorrectly included an LDAP URI in the CRL Distribution Points extension, violating CAB/Forum Baseline Requirements. Upon receiving a notification about the issue, FNMT suspended certificate issuance and conducted a thorough investigation. The affected certificates were revoked within five days, and measures were implemented to enhance compliance monitoring and linting tools. All actions related to the incident have been completed, and the case is now resolved.
Chronology
- FNMT received notification of potential mis-issuance.
- All affected certificates were identified and revoked.
- Closure summary provided and case marked for closure.
Participants
Amaya Espinosa
External References
Similar Local Cases
FNMT: Issuance of certificate using keys previously reported as compromised
FNMT: OU exceeds 64 characters
FNMT: Missisuance of web site certificates without CA/Browser Forum’s reserved policy OID
ACCV: Certificates issued with cRLIssuer in CDP extension
Let's Encrypt: Mis-issued certificates related to SC48v2
eMudhra emSign PKI Services : www Subdomain Inclusion in Certificate SAN via ACME Issuance Workflow
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels