← GlobalSign nv-sa cases
Bugzilla #1944815
Certificate Problem Report
GlobalSign: Organization-validated SMIME certificate with invalid organizationIdentifier for European country
RESOLVED
FIXED
GlobalSign nv-sa
AI Summary
GlobalSign identified an issue with an organization-validated S/MIME certificate that contained an invalid Subject:organizationIdentifier structure, violating Baseline Requirements for S/MIME. The certificate was issued with an invalid NTR structure for Germany, leading to its revocation. A thorough review confirmed no other certificates were affected. Remedial actions included deploying technical restrictions in the vetting workflow and enhancing training for the vetting team to prevent future occurrences.
Chronology
- Certificate issued and post-linter notification sent to Compliance team.
- Compliance team confirms issue and initiates investigation.
- Revocation scheduled for affected certificate.
- Incident report completed and remedial actions initiated.
- All remedial actions completed and incident report closure requested.
Participants
Christophe Bonjean
B. Wilson
External References
Similar Local Cases
GlobalSign: Certificate issued to FQDN with malformed CAA
GlobalSign: CRLs reported in CCADB unavailable
GlobalSign: OCSP responder certificates with more than 64 characters in CN
GlobalSign: EV TLS certificate with only metadata in JOI State field
GlobalSign: OV TLS certificate with incorrect countryName value for organization
GlobalSign: Three (3) revoked precertificates with reasonCode “certificateHold”
GlobalSign: misalignment of CRL URL in CCADB with issued certificates
GlobalSign: Certificates with RSA keys where modulus is not divisible by 8