← TrustAsia Technologies, Inc. cases
Bugzilla #2011865
Certificate Misissuance
TrustAsia: SSL DV Mis-issuance against CP/CPS (IPAddress)
RESOLVED
FIXED
TrustAsia Technologies, Inc.
AI Summary
TrustAsia Technologies, Inc. reported a misissuance of 123 DV SSL certificates containing IP addresses, violating their own Certificate Policy/Certificate Practice Statement (CP/CPS). The issue was identified during an internal review on January 22, 2026, and all affected certificates were revoked by January 24, 2026. The root cause was attributed to inadequate pre-issuance checks and compliance assessments. TrustAsia has since implemented corrective measures, including the development of custom linting tools and a mandatory change checklist to prevent future occurrences.
Chronology
- Internal audit discovered the violation of CP/CPS.
- All affected certificates were revoked.
- Report Closure Summary submitted.
Participants
TrustAsia
External References
Similar Local Cases
Microsoft PKI Services: End Entity Certificate Mis-issuance against CPS (BasicConstraints)
DigiCert: SHA-1 intermediate issued after 2016-01-01
GDCA: Misissuance of certificates with small RSA keys
QuoVadis: Certificate containing Debian weak key
Trustis: Certificate not version 3
KIR S.A.: Misissuance - missing OCSP AIA, Validity > 825 days
IdenTrust: Improper encoding of wildcard certificate
OATI: Misissuance detected by PKIMetal