← Telia Company cases
Bugzilla #2012101
Certificate Misissuance
Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile
RESOLVED
FIXED
Telia Company
AI Summary
Telia Company identified a misissuance of S/MIME Multipurpose certificates during a self-audit on January 23, 2026. The misissued certificates contained subject information that did not belong to natural persons, violating S/MIME BR and Telia CA policies. The issue stemmed from a defect in the S/MIME RA API, which incorrectly parsed subject information. All affected certificates have been revoked, and preventive measures have been implemented to ensure compliance with certificate issuance policies moving forward.
Chronology
- Misissued certificates found during self-audit.
- Update on findings and revocation of affected certificates.
- Full incident report submitted.
- Closure report submitted, all action items completed.
Participants
Antti Backman
External References
Similar Local Cases
Telia: TLS certificates issued in violation of TLS BR v2.0.1
Telia: TLS incorrect AIA caIssuer URI and incorrect CDP
Telia: S/MIME certificates issued in violation of S/MIME BR v1.0.1
Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI
Telia: Certificates Issued with lower case value in subject:countryName
Telia: S/MIME Certificate issued to expired domain
Telia: Misissued certificate - wrong OrganizationName value "Hair 8 Brains"
Telia: invalid IP value in SAN DNS field