← Disig, a.s. cases
Bugzilla #2007132 Certificate Problem Report

Disig: Certificates with invalid embedded SCT signature

RESOLVED FIXED Disig, a.s.
AI Summary

Disig identified an issue where four end-user OV certificates contained an invalid embedded SCT signature. All affected certificates were revoked, and an internal investigation was initiated. The root cause was traced to a failure in preserving CT log response data during the final certificate assembly, compounded by a new CT log behavior. Remedial actions included the integration of a linter into the pre-issuance pipeline and strengthening change control processes. The incident has been resolved, and all action items have been completed.

Model: gpt-4o-mini Generated: 2026-06-13 21:25 UTC Confidence: 1.00
Chronology
  1. Incident identified and certificates revoked.
  2. Full incident report delayed.
  3. Final report submitted and closure requested.
Participants
Jozef Nigut Peter Miskovic
External References
Original Bugzilla Case crt.sh crt.sh crt.sh crt.sh
Similar Local Cases
#1888104 RESOLVED Certificate Problem Report Opened 2024-03-27 · Closed 2024-07-11 · 68% similar
Disig: TLS certificate with basicConstraints not marked as critical
AI Summary CA Owner
#1907667 RESOLVED Certificate Problem Report Opened 2024-07-12 · Closed 2024-08-17 · 67% similar
Disig: Two certificates with same serial number
AI Summary CA Owner
#1889672 RESOLVED Certificate Problem Report Opened 2024-04-04 · Closed 2024-06-01 · 61% similar
Disig: Certificates with incorrect Subject attribute order
AI Summary CA Owner
#2008972 RESOLVED Certificate Problem Report Opened 2026-01-07 · Closed 2026-01-28 · 57% similar
Disig: Delayed Full Incident Report
AI Summary CA Owner
#1398242 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 57% similar
Disig: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#2007066 RESOLVED Certificate Problem Report Opened 2025-12-19 · Closed 2026-01-20 · 57% similar
Disig: Missing CA Disig R2I2 Certification Service Full CRL URLs in CCADB
AI Summary CA Owner
#693915 RESOLVED Certificate Problem Report Opened 2011-10-12 · Closed 2022-11-14 · 55% similar
Disig CRL broken, mis-listed? / CA list CRL links need auditing.
AI Summary CA Owner
#1655698 RESOLVED Certificate Problem Report Opened 2020-07-28 · Closed 2023-02-22 · 43% similar
Telekom Security: CRL also contained unrevoked certificates
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action