Bugzilla #2016722
Certificate Misissuance
PostSignum: Mis-issued certificate
RESOLVED
FIXED
PostSignum
AI Summary
PostSignum reported a mis-issuance of a TLS certificate due to a human error during a service intervention. The CA operator mistakenly selected the operational certificate policy instead of the test policy, resulting in a certificate issued with fictitious data. The error was identified shortly after issuance, leading to the immediate revocation of the certificate. PostSignum has since implemented new internal procedures and training to prevent similar incidents in the future.
Chronology
- Service intervention performed by CA operator.
- Mis-issued certificate identified and revoked.
- Full incident report published.
- Report closure summary provided.
Participants
vyvoj.postsignum@cpost.cz
dzacharo@harica.gr
martijn.katerbarg@sectigo.com
agwa-bugs@mm.beanwood.com
incident-reporting@ccadb.org
Similar Local Cases
IdenTrust: unintended creation of a Root CA certificate
Actalis: Issuance of certificate using keys previously reported as compromised
TunTrust: SSL OV mis-issuance against CP/CPS (Email attribute)
Financijska agencija (Fina): Mis-issued certificates
iTrusChina: Issuance of certificates using keys previously reported as compromised
SwissSign: EV code in JurisdiktionStateOrProvinceName
SwissSign: Mis-Issuance of S/MIME certificates
OATI: Misissuance detected by PKIMetal