← Sectigo cases
Bugzilla #1977253
Certificate Problem Report
Sectigo: OV reuse data applied for wrong organization
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo experienced a human error that led to the application of OV reuse data for the wrong organization on a single certificate. The issue was identified by the Subscriber, who requested revocation and replacement. Following the incident, Sectigo revoked the incorrect certificate and implemented a technical control to prevent similar occurrences in the future. The incident was reported in accordance with the relevant policies, and all action items have been completed as of September 1, 2025.
Chronology
- Certificate issued with incorrect organization details
- Incident identified and certificate revoked
- All action items completed and report closure requested
Participants
Tim Callan
Martijn Katerbarg
External References
Similar Local Cases
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value
Sectigo: Failure to block disallowed LDH labels in domain names
Sectigo: SC45 DCV Reuse Error
Sectigo: OCSP, caIssuers, and CRL endpoints unavailable for a single Subordinate CA
Sectigo: Certificate issuance by non-compliant Extant S/MIME CA
Sectigo: Missing registration numbers in EV certificates
Sectigo: Incorrect OCSP responses
Sectigo: Late revocation for incomplete Subject organizationName