Bugzilla #1391867 · Certificate Problem Report
Let's Encrypt: Non-BR-Compliant Certificate Issuance
Internet Security Research Group · RESOLVED
AI Summary
This case addresses a compliance issue at Let's Encrypt: the issuance of certificates that did not comply with the Baseline Requirements (BR). The CA was notified of the problem on August 10, 2017, and promptly applied a fix to its infrastructure. It confirmed that it had ceased issuing the problematic certificates and provided a list of affected certificates. The issue stemmed from a mistake in its software code that was not caught during review, and it was resolved on the same day it was reported.
Chronology
- Let's Encrypt notified of compliance issue
- Fix applied to production infrastructure
Participants
Kathleen Wilson
Josh Aas
Similar Local Cases
StartCom: IV without localityName or stateOrProvinceName
DigiCert: Non-BR Compliant Certificates - missing CP/CPS OID
GlobalSign: Incapsula issued a certificate for non-existing domain (testslsslfeb20.me)
Hongkong Post e-Cert CA 1 - 10 issuing certificates without subject alternative name extension
DigiCert: ECCE 001 issuing certificates without subject alternative name extension
Camerfirma: Startcom are issuing by proxy using Camerfirma
D-Trust: issuing 1024 bit certificates
DigiCert: Revoked intermediate certificates not in CRL