← Cybertrust Japan / JCSI cases
Bugzilla #2007070
Certificate Misissuance
SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ)
RESOLVED
FIXED
Cybertrust Japan / JCSI
AI Summary
A technical issue was identified with TLS server certificates issued by Cybertrust Japan (CTJ), where the Signed Certificate Timestamps (SCTs) returned by CT log servers contained values in the extensions field, but the issued certificates were encoded with an empty extensions field. This resulted in browser validation errors, violating TLS Baseline Requirements. A total of 180 certificates were affected, with 83 valid certificates revoked by December 23, 2025. Remediation measures included system reconfiguration, enhanced oversight, and the implementation of a process to verify SCT signatures.
Chronology
- Non-compliance start date
- Non-compliance identified
- All affected certificates revoked
- Process to verify SCT signatures completed
Participants
SECOM Trust Systems - ONO Fumiaki
External References
Similar Local Cases
SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ)
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ)
SECOM: One of the EV certificate was mis-issued with the incorrect Registration Number by Cybertrust Japan (CTJ)
SECOM: Certificates Issued with lower case value in subject:countryName
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP
SwissSign: S/MIME LCP: CN with values other than email address
HARICA: S/MIME certificate issuance with incorrect commonName
FNMT: LDAP URI in CRL Distribution Points Extension