Bugzilla #2000277
Certificate Problem Report
Sectigo: Certificate issuance by non-compliant Extant S/MIME CA
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo reported an incident involving the issuance of S/MIME certificates by six non-compliant Extant S/MIME CAs. This issue arose due to a software bug that allowed these CAs to continue issuing certificates despite being marked as disabled. A total of 996 certificates were issued after September 15, 2024, with 531 remaining valid at the time the incident was identified. Sectigo has since implemented a bug fix and refactored their SubCA management to prevent future occurrences.
Chronology
- Non-compliance start date
- Non-compliance identified
- Non-compliance end date
- Incident report closure summary provided
Participants
Martijn Katerbarg
External References
Similar Local Cases
Sectigo: Incorrectly included registrationStateOrProvince in PSD-based cabfOrganizationIdentifier extension
Sectigo: OCSP and CRL traffic not being proxied for 3 Subordinate CAs
Sectigo: S/MIME certificates with (null) string value in subject attributes
Sectigo: QWAC certificates issued with incorrect subject:organizationIdentifier attribute value
Sectigo: OV reuse data applied for wrong organization
Sectigo: OCSP, caIssuers, and CRL endpoints unavailable for a single Subordinate CA
Sectigo: Inaccuracy of CCADB-Disclosed URL for eIDAS CP/CPS
Sectigo: Incorrect OCSP responses