CCA India: Misissuance detected by PKIMetal
CCA India has been notified of a misissuance incident involving SSL/TLS certificates issued under the CCA SSL Root CA hierarchy. The issue concerns the explicitText field in the Certificate Policies extension, which was incorrectly encoded as VisibleString or BMPString. A total of 251 certificates were identified as affected, of which 151 are still valid. The incident was disclosed through Mozilla Bugzilla and related PKIMetal findings. Remediation is underway: issuance under the affected profile has been stopped, and controlled revocation of the impacted certificates is being planned to minimize operational disruption.
- Mozilla Bugzilla Bug #2032473 opened
- PKIMetal/crt.sh lint findings escalated
- Detailed incident response requested by Mozilla Root Program
- Issuance under affected certificate profile stopped
- Affected certificate population identified
- Certificate profile configuration corrected
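
As an added illustration (not code from CCA India, PKIMetal or crt.sh), the sketch below shows how a check for the explicitText encoding described in the summary can work: it walks the DER of a certificatePolicies extension value and reports the string type of each explicitText. The helper names, the sample notice text and the sample extension values are constructed for this example, and the input is assumed to be the extension value already extracted from the certificate.

```python
# Added example: DER string tags allowed by the DisplayText CHOICE (RFC 5280, 4.2.1.4).
TAGS = {0x0C: "UTF8String", 0x16: "IA5String", 0x1A: "VisibleString", 0x1E: "BMPString"}
FLAGGED = {"VisibleString", "BMPString"}             # the encodings named in this incident
ID_QT_UNOTICE = bytes.fromhex("2b06010505070202")    # OID 1.3.6.1.5.5.7.2.2 (UserNotice)

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf; single-byte tags only."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                                 # long-form length
            k = n & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("bad length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated value")
        yield tag, buf[i:i + n]
        i += n

def explicit_text_encodings(ext_value):
    """Name the string type of every explicitText in a certificatePolicies value."""
    found = []
    (_, policies), = tlvs(ext_value)                 # SEQUENCE OF PolicyInformation
    for _, info in tlvs(policies):
        fields = list(tlvs(info))                    # policyIdentifier [, policyQualifiers]
        for _, qual in (tlvs(fields[1][1]) if len(fields) > 1 else ()):
            (_, qid), (_, qualifier) = tlvs(qual)    # PolicyQualifierInfo
            if qid == ID_QT_UNOTICE:
                # UserNotice: optional noticeRef (SEQUENCE, 0x30), optional explicitText
                found += [TAGS.get(t, hex(t)) for t, _ in tlvs(qualifier) if t != 0x30]
    return found

def misencoded(ext_value):
    """Return only the explicitText encodings that this incident concerns."""
    return [e for e in explicit_text_encodings(ext_value) if e in FLAGGED]

def der(tag, *parts):                                # tiny encoder for the constructed samples
    body = b"".join(parts)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def sample(text_tag, text):                          # constructed extension value, not real data
    notice = der(0x30, der(0x06, ID_QT_UNOTICE), der(0x30, der(text_tag, text)))
    return der(0x30, der(0x30, der(0x06, bytes.fromhex("67810c010202")), der(0x30, notice)))

if __name__ == "__main__":
    for tag, text in [(0x0C, b"Constructed notice"), (0x1A, b"Constructed notice"),
                      (0x1E, "Constructed notice".encode("utf-16-be"))]:
        print(explicit_text_encodings(sample(tag, text)), misencoded(sample(tag, text)))
```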