← eMudhra Technologies Limited cases
Bugzilla #1973341
Certificate Problem Report
eMudhra emSign PKI Services: Policy Document Inconsistency
RESOLVED
FIXED
eMudhra Technologies Limited
AI Summary
eMudhra Technologies Limited issued a TLS certificate for CN=msmeranchi.nic.in with an RSA key size of 4048 bits, which was compliant with Baseline Requirements but inconsistent with their published Certificate Policy (CP) and Certification Practice Statement (CPS) that only referenced RSA 2048. This discrepancy was identified by an external researcher on June 19, 2025, leading to a review and subsequent updates to the CP/CPS to clarify acceptable key sizes. The incident was resolved by revoking 449 unexpired certificates that did not align with the clarified policy, and the updated CP/CPS was published on July 8, 2025.
Chronology
- Certificate issued for CN=msmeranchi.nic.in
- Researcher reported issue
- Preliminary report submitted
- Updated CP/CPS published
- Final call for comments on incident report
Participants
Naveen Kumar ML
Rob Stradling
Wayne
R. Daurne
External References
Similar Local Cases
eMudhra: Invalid CRL signatures
eMudhra: Failure to respond to a Problem Report within 24 hours
eMudhra emSign PKI Services: CA Certificates not published in DER Encoded Format
eMudhra emSign PKI Services : Key Blocking Mechanism Fails to Validate Historical Public Key Reuse.
eMudhra emSign PKI Services : OCSP Responder Time Inconsistency
eMudhra: Delayed Publication of Issuing CA Certificates In CCADB
eMudhra emSign PKI Services : Issue with revocation as part of automated reissuance
eMudhra: CRL occasionally unavailable and returns 404 error