Bugzilla #1943604
Certificate Misissuance
HARICA: TLS Server certificate issuance without proper validation
CLOSED
FIXED
HARICA
AI Summary
On January 23, 2025, HARICA was notified of a TLS Server certificate issued without proper domain control validation due to a typo in the domain name. The validation system incorrectly reused domain control validation (DCV) evidence based on substring matching, allowing the misissuance. HARICA suspended TLS certificate issuance immediately, revoked the affected certificate within 24 hours, and confirmed no other certificates were impacted. A patch was implemented to prevent similar issues in the future, and a comprehensive review of the validation process was initiated.
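The substring-matching flaw described in the summary, shown as an added example that is not HARICA's code: a flawed DCV-evidence lookup next to one that compares whole DNS labels. The data model, function names, sample domains and the 398-day reuse window are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: domain -> time its DCV completed (not real incident data).
VALIDATED = {"example.com": datetime(2025, 1, 10, tzinfo=timezone.utc)}
MAX_REUSE = timedelta(days=398)  # assumed evidence reuse window


def normalize(fqdn):
    """Canonical form for comparison: lower-case, no trailing root dot."""
    return fqdn.strip().lower().rstrip(".")


def find_evidence_substring(requested, now):
    """Flawed model: any substring relationship counts as a match."""
    req = normalize(requested)
    for domain, when in VALIDATED.items():
        if (domain in req or req in domain) and now - when <= MAX_REUSE:
            return domain
    return None


def find_evidence_strict(requested, now, allow_subdomains=False):
    """Hardened model: exact FQDN match, compared label by label."""
    req_labels = normalize(requested).split(".")
    for domain, when in VALIDATED.items():
        if now - when > MAX_REUSE:
            continue
        dom_labels = normalize(domain).split(".")
        if req_labels == dom_labels:
            return domain
        # Subdomain reuse only on a label boundary, and only if the method permits it.
        if allow_subdomains and req_labels[-len(dom_labels):] == dom_labels:
            return domain
    return None


if __name__ == "__main__":
    now = datetime(2025, 1, 23, tzinfo=timezone.utc)
    for name in ("example.com", "example.co", "notexample.com", "www.example.com"):
        print(name, find_evidence_substring(name, now),
              find_evidence_strict(name, now, allow_subdomains=True))
```

The mistyped name `example.co` and the unrelated `notexample.com` both pick up evidence for `example.com` under substring matching, while the label-wise comparison returns no evidence for either.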
Chronology
- HARICA informed of misissued TLS certificate.
- Certificate issuance suspended and affected certificate revoked.
- Patch deployed to fix validation logic.
- Incident closure summary submitted.
Participants
Dimitris Zacharopoulos
Similar Local Cases
HARICA: S/MIME certificate issuance with incorrect commonName
HARICA: 3 EV TLS Certificates without L or ST
HARICA: subject:organizationIdentifier using VATEL as a prefix for tax identifier
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
DigiCert: in-addr.arpa Misissuance
Telia: invalid IP value in SAN DNS field
SSL.com: Wildcard DV certificate issued with a non-validated domain name
NAVER Cloud Trust Services: Certificate issued with incorrect OCSP URI in AIA