← Financijska agencija (Fina) cases
Bugzilla #1986968 Certificate Misissuance

Financijska agencija (Fina): Mis-issued certificates

RESOLVED FIXED Financijska agencija (Fina)
AI Summary

Financijska agencija (Fina) issued certificates for two well-known IP addresses and for non-existent domains, which were intended solely for internal testing. The incident was reported by Microsoft’s Trusted Root Program, prompting an investigation that revealed the certificates were issued without proper verification. All affected certificates were revoked, and the private keys were destroyed. Fina has since implemented corrective measures, including revising their procedures for issuing test certificates and enhancing staff training to prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:20 UTC Confidence: 0.90
Chronology
  1. Initial report of mis-issued certificates received from Microsoft.
  2. Affected certificates revoked and private keys destroyed.
  3. Full incident report submitted.
  4. Stage 2 of eIDAS conformity assessment audit began.
  5. Conformity Assessment Report received.
  6. Closure report submitted.
Participants
miroslav.perincic@fina.hr cku@heise.de stephan@verbuecheln.ch zhangyoufu@gmail.com pete@cooperjr.name bwilson@mozilla.com malcolm.doody@gmail.com daniel@binaryparadox.net martijn.katerbarg@sectigo.com
External References
Original Bugzilla Case rdc.fina.hr www.ccadb.org
Similar Local Cases
#1895006 RESOLVED Certificate Misissuance Opened 2024-05-03 · Closed 2024-08-23 · 55% similar
IdenTrust: unintended creation of a Root CA certificate
AI Summary CA Owner
#1850171 RESOLVED Certificate Misissuance Opened 2023-08-25 · Closed 2023-09-29 · 52% similar
SSL.com: S/MIME certificates issued prior to validation
AI Summary CA Owner
#1927384 RESOLVED Certificate Misissuance Opened 2024-10-28 · Closed 2025-01-29 · 51% similar
iTrusChina: Issuance of certificates using keys previously reported as compromised
AI Summary CA Owner
#1777128 RESOLVED Certificate Misissuance Opened 2022-06-28 · Closed 2023-02-22 · 49% similar
GoDaddy: Misissuance of Cross Signed Certs
AI Summary CA Owner
#1750631 RESOLVED Certificate Misissuance Opened 2022-01-17 · Closed 2024-06-30 · 49% similar
SSL.com: Issuance of TLS certificates with domain validation methods prohibited by SC-45
AI Summary CA Owner
#1678720 RESOLVED Certificate Misissuance Opened 2020-11-20 · Closed 2023-02-22 · 48% similar
SSL.com: Wildcard DV certificate issued with a non-validated domain name
AI Summary CA Owner
#1724520 RESOLVED Certificate Misissuance Opened 2021-08-06 · Closed 2023-02-22 · 48% similar
SSL.com: Incorrect Domain Validation for 1 TLS certificate with FQDN having "www." string within domain labels
AI Summary CA Owner
#2016722 RESOLVED Certificate Misissuance Opened 2026-02-13 · Closed 2026-03-17 · 48% similar
PostSignum: Mis-issued certificate
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action