Bugzilla #1969036
Certificate Misissuance
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP
RESOLVED
FIXED
Telia Company
AI Summary
Telia CA issued fifteen TLS certificates with incorrect Authority Information Access (AIA) and Certificate Revocation List (CRL) URIs, violating TLS Baseline Requirements. The issue was identified on May 28, 2025, and all affected certificates were revoked within 24 hours. The root cause was linked to a policy change process that failed to detect incorrect values during a dual approval operation. Telia has since implemented additional verification measures and enhanced its custom linting solution to prevent similar incidents in the future.
Chronology
- Non-compliance start date
- Non-compliance identified and certificates revoked
- Full incident report submitted
- Custom pre-issuance linting implemented
- Final call for comments on incident report
- Incident report closure anticipated
Participants
Antti Backman
Similar Local Cases
Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI
Telia: S/MIME Certificate issued to expired domain
Telia: TLS certificates issued in violation of TLS BR v2.0.1
Telia: Certificates Issued with lower case value in subject:countryName
Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile
Telia: S/MIME certificates issued in violation of S/MIME BR v1.0.1
Telia: invalid IP value in SAN DNS field
Telia: Misissued certificate - Invalid OU value "-"