← SSL.com cases
Bugzilla #1932973 Certificate Problem Report

SSL.com: CAA Empty set handling results in Wildcard issuance

RESOLVED FIXED SSL.com
AI Summary

SSL.com faced a Certificate Problem Report regarding the issuance of a wildcard TLS certificate due to a misinterpretation of the CAA record 'issue' ';'. The investigation revealed that the CAA validator incorrectly allowed the issuance based on the absence of an 'issuewild' property, violating SSL.com's CP/CPS. A patch was deployed to prevent future occurrences, and the issue was confirmed to affect only the reported certificate. SSL.com has since updated its testing procedures to include this edge case.

Model: gpt-4o-mini Generated: 2026-06-13 21:01 UTC Confidence: 0.90
Chronology
  1. SSL.com received a Certificate Problem Report regarding a potential mis-issuance.
  2. The wildcard certificate was revoked.
  3. SSL.com concluded the issuance was a violation of their CP/CPS.
  4. SSL.com submitted an updated incident report addressing community concerns.
Participants
secauditor@ssl.com bwilson@mozilla.com rebeccak@ssl.com agwa-bugs@mm.beanwood.com
External References
Original Bugzilla Case www.rfc-editor.org bugzilla.mozilla.org crt.sh
Similar Local Cases
#1938236 RESOLVED Certificate Problem Report Opened 2024-12-18 · Closed 2025-02-28 · 67% similar
SSL.com: Failure to process CAA records from one SubCA
AI Summary CA Owner
#1722089 RESOLVED Certificate Problem Report Opened 2021-07-23 · Closed 2023-02-22 · 66% similar
SSL.com: Issuance of 3 EV TLS certificates without 2-person validation of the organization information
AI Summary CA Owner
#1719916 RESOLVED Certificate Problem Report Opened 2021-07-09 · Closed 2023-02-22 · 66% similar
SSL.com: Issuance of an EV TLS certificate with incorrect O Field Value
AI Summary CA Owner
#1961406 RESOLVED Certificate Problem Report Opened 2025-04-18 · Closed 2025-07-02 · 65% similar
SSL.com: DCV bypass and issue fake certificates for any MX hostname
AI Summary CA Owner
#1790693 RESOLVED Certificate Problem Report Opened 2022-09-13 · Closed 2023-03-24 · 64% similar
SSL.com: Issuance of 1 EV TLS certificate using a Registration/Incorporation Agency not included in our approved public list.
AI Summary CA Owner
#1957140 RESOLVED Certificate Problem Report Opened 2025-03-28 · Closed 2025-08-11 · 64% similar
SSL.com: "unknown" OCSP response for issued certificates
AI Summary CA Owner
#1666872 RESOLVED Certificate Problem Report Opened 2020-09-23 · Closed 2023-02-22 · 63% similar
SSL.com: Insufficient validation evidence for the localityName attribute of an OV certificate
AI Summary CA Owner
#1800753 RESOLVED Certificate Problem Report Opened 2022-11-15 · Closed 2023-07-21 · 63% similar
SSL.com: Delayed revocation of certificate with weak key
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action