← Izenpe S.A. cases
Bugzilla #1945867
Certificate Misissuance
Izenpe: Incorrect Unicode characters in Subject
RESOLVED
FIXED
Izenpe S.A.
AI Summary
Izenpe S.A. issued a certificate containing incorrect Unicode replacement characters in the Subject fields, specifically in the Locality and Organization fields, which violates RFC5280. The issue was detected after an email from the Chrome Root Program prompted immediate revocation of the certificate. The root cause was traced to a change in the web application that mishandled character encoding. Although post-linting tools were in place, the issuing team failed to act on the warning email, leading to the incident. Remedial actions have been implemented, including the integration of a new linting tool to prevent future occurrences.
Chronology
- A certificate with wrong encoding in Subject was issued.
- An email from Chrome Root Program warns about the issue.
- The certificate was revoked.
- A new version of the web application was deployed to fix the problem.
- Closure report submitted and all action items completed.
Participants
David Fernandez
External References
Similar Local Cases
Izenpe: certificate issued to internal domain
Izenpe: OU > 64 characters
Izenpe: Non-BR-Compliant OCSP Responders
Izenpe: incorrect value in stateOrProvinceName
Izenpe: Multiple invalid EV certificates issued
SwissSign: Certificate with key length 16258
ACCV: Certificates issued with cRLIssuer in CDP extension
SECOM: Unqualified domain name in SAN