← AC Camerfirma, S.A. cases
Bugzilla #1405815
Certificate Misissuance
Camerfirma: Certs issued with same issuer and serial number
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
AC Camerfirma, S.A. issued intermediate certificates with the same issuer and serial number, violating the serial number uniqueness requirement of the Baseline Requirements and RFC 5280. An incident report was provided detailing the circumstances and actions taken by the CA. The CA acknowledged the issue was due to a wrong template used during the certificate creation process and has since implemented controls to prevent recurrence. The case has been resolved with no further action required.
Chronology
- Incident reported regarding certificate misissuance
- Request for more details on incident report
- Discussion on the age of the problem and closure of the case
Participants
Kathleen Wilson
Ramiro Muñoz Muñoz
Gervase Markham
Juan Angel
External References
Similar Local Cases
Camerfirma: Potential Mis-Issuance based on CAA records
Actalis: Certs issued with same issuer and serial number
Camerfirma: Infocert misissued certificates
SwissSign: Two certs issued with same issuer and serial number
SHA-1 issuance by DocuSign root
DigiCert / Inteso San Paulo: Double dot characters
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist
Let's Encrypt: CAA Misissuances