← Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) cases

Kamu SM: Incorrect CRL Served at SSL CRL Distribution Point

ASSIGNED Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)

This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.

AI Summary

The bug describes an incident where, on 2026-06-17, a configuration error in the CRL publication process during a key rollover operation caused a CRL from a different subordinate CA environment to be copied to the production SSL CRL Distribution Point (http://depo.kamusm.gov.tr/ssl/SSLSIL.S3.crl). As a result, the CRL issuer DN did not match the subject DN of the production SSL subordinate CA, producing a CRL issuer mismatch error reported via CRLWatch. The issue was identified promptly and the correct CRL was restored, allowing the distribution point to resume providing the correct CRL file. The reporter states that a full incident report is being prepared and will be submitted after root cause analysis. The incident disclosure is described as “Third Party Reported,” and the relevant policies referenced are BR Section 2 (Publication and Repository Responsibilities) and Section 4.9.7 (CRL Issuance Frequency).

Model: gpt-5.4-nano Generated: 2026-06-19 19:38 UTC Confidence: 0.62 1 comment

Chronology

2026-06-17 During key rollover for the Mobile Qualified Electronic Certificate Subordinate CA, an incorrect CRL was copied to the production SSL CRL distribution point, causing an issuer DN mismatch error.
2026-06-17 The correct CRL was restored and the SSL CRL distribution point resumed providing the correct CRL file.
2026-06-18 A preliminary incident report bug was filed describing the CRL publication process configuration error and planned root-cause analysis report.

Thread Activity

2026-06-18 melis.balkaya@tubitak.gov.tr — Filed a preliminary incident report stating that a configuration error led to an incorrect CRL being served at the SSL CRL distribution point, that CRLWatch reported an issuer DN mismatch, and that the correct CRL was restored while a full incident report is being prepared.

Participants

melis.balkaya@tubitak.gov.tr

External References

Original Bugzilla Case depo.kamusm.gov.tr

Similar Local Cases

#1320943 RESOLVED Revocation Issue Repository Issue Opened 2016-11-29 · Closed 2022-11-14 · 67% similar

Add revoked certificate Certification Authority of WoSign G2 issued by Certum CA root to OneCRL

AI Summary CA Owner

#1942270 RESOLVED Revocation Issue Repository Issue Opened 2025-01-17 · Closed 2025-04-07 · 66% similar

SSL.com: Revocation process requires submission to a form that is unusable

AI Summary CA Owner

#1815534 RESOLVED Ca Certificate Compliance Certificate Misissuance Revocation Issue Opened 2023-02-07 · Closed 2024-04-17 · 59% similar

e-commerce monitoring GmbH: SCT in precertificate

AI Summary CA Owner

#2048995 UNCONFIRMED Externally Reported Incident Problem Reporting Failure Opened 2026-06-19 Still Open · 58% similar

eMudhra emSign PKI Services :: OCSP Responder Returned "Unauthorized" for Some Pecertificates

AI Summary CA Owner

#2047843 ASSIGNED Externally Reported Incident Problem Reporting Failure Opened 2026-06-16 Still Open · 58% similar

Certigna: Pre-certificates not recognised by the OCSP responder

AI Summary CA Owner

#1910451 RESOLVED Certificate Misissuance Revocation Issue Opened 2024-07-29 · Closed 2024-08-21 · 58% similar

Sectigo: Missing character in subject:organizationName attribute value

AI Summary CA Owner

#1912225 RESOLVED Revocation Issue Opened 2024-08-08 · Closed 2024-09-26 · 58% similar

Sectigo: HTML encoded characters in subject attribute values

AI Summary CA Owner

#1800405 RESOLVED Repository Issue Opened 2022-11-14 · Closed 2023-02-22 · 58% similar

Amazon Trust Services / DigiCert: 404 error when fetching CRL

AI Summary CA Owner