← Microsec Ltd. cases
Bugzilla #2005939
Certificate Problem Report
Microsec: CT Logging mistakes
RESOLVED
FIXED
Microsec Ltd.
AI Summary
Microsec Ltd. issued 44 OV website authentication certificates with SCTs from CT log servers marked as 'Qualified' instead of 'Usable'. This misissuance caused errors in earlier versions of Chrome and Firefox when accessing the affected websites. The issue was identified on December 12, 2025, and all affected certificates were revoked within the required 5-day deadline. Microsec has since implemented measures to prevent future occurrences, including automated monitoring of CT log lists and enhanced verification processes.
Chronology
- Non-compliance start date
- Non-compliance identified
- Non-compliance end date
- Report closure summary provided
Participants
dr. Sándor SZŐKE
External References
Similar Local Cases
Microsec: "DV valid" test website certificate issued under incorrect root
Microsec: Issuance of 2 IVCP precertificates without givenName, surName, localityName fields
Microsec: Late response to a CPR
Microsec: Disallowed subject attribute field in DV certificate
Microsec: Incorrect OCSP Delegated Responder Certificate
MICROSEC: Incident report - No OCSP status response for 2 Precertificates
Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB
Microsec: Expired Certificates on test Pages for Revocation