← Asseco Data Systems S.A. cases
Bugzilla #2021685
Certificate Problem Report
Asseco DS / Certum: Finding in Routine WebTrust Audit – S/MIME certificates issued with mailbox validation older than 30 days
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
During a WebTrust audit on March 6, 2026, Certum identified that 181 S/MIME certificates were issued without proper email validation, exceeding the 30-day requirement. Initially, 101 certificates were revoked, but further analysis revealed an additional 61 affected certificates. All impacted certificates were revoked, and changes were made to the issuance system to ensure compliance. A full incident report was published, detailing the root cause and remediation steps taken.
Chronology
- Auditors identified email validation issue during onsite audit.
- Initial revocation of 101 affected certificates completed.
- Full incident report published detailing all affected certificates.
- Closure report submitted after all action items completed.
Participants
Kateryna Aleksieieva
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Asseco DS / Certum: DNS service outage
Asseco DS / Certum: Cross-certificate not included in 2024 S/MIME Audit statement
Asseco DS / Certum: Organization Identifier and Country field discrepancies
Asseco DS / Certum: Irregularities in Xinchacha/Xcc Brand SSL Certificates
Asseco DS / Certum: CRL URLs disclosed in CCADB do not exactly match the CRL URLs in certificates
Asseco DS / Certum: CRL non-conformance with the TLS BRs
Asseco DS / Certum: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption
Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order