← HARICA cases
Bugzilla #2017845
Certificate Problem Report
HARICA: Incorrect nCAId in PSD2 QCStatement for QWACs
ASSIGNED
HARICA
AI Summary
HARICA identified an issue with the manual issuance process for PSD2 Qualified Website Authentication Certificates (QWACs) where the `nCAId` field in the PSD2 QCStatement extension was incorrectly populated. Instead of the required format, the affected certificates included an erroneous `PSD` prefix. A total of four unexpired and unrevoked PSD2 QWACs were affected. HARICA has since replaced and revoked these certificates, updated their validation procedures, and implemented permanent process improvements to prevent future occurrences.
Chronology
- First certificate with incorrect value issued
- Non-compliance identified
- All affected certificates replaced and revoked
- Incident report closure requested
Participants
HARICA
External References
Similar Local Cases
HARICA: Incorrect Open MPIC Lambda implementation by EJBCA ACME Service
HARICA: S/MIME certificate issuance without proper validation
HARICA: wrong characters in NC extension of Technically Constrained Intermediate CA Certificates
HARICA: Insufficient serial number entropy
HARICA: Certificates with invalid policy tree
HARICA: Incorrect OCSP Delegated Responder Certificate
HARICA: OCSP Responder Returned "Unauthorized" for Some Precertificates
HARICA: Anomaly in OCSP services after CA software upgrade