← D-TRUST cases
Bugzilla #1390990 Certificate Problem Report

D-TRUST: Non-BR-Compliant Certificate Issuance

RESOLVED FIXED D-TRUST
AI Summary

D-TRUST faced issues with the issuance of non-Baseline Requirements (BR) compliant certificates, specifically regarding dNSName containing '/' and short serial numbers. The CA was required to provide a detailed remediation plan, which included stopping the issuance of problematic certificates and implementing changes to their validation processes. D-TRUST acknowledged the mistakes and outlined steps taken to prevent future occurrences, including enhancing their internal processes and communication with customers. The case was resolved with a commitment to compliance and regular updates on the remediation progress.

Model: gpt-4o-mini Generated: 2026-06-13 17:04 UTC Confidence: 0.95
Chronology
  1. Issuance of problematic certificates stopped.
  2. Hotfix to validate CSR against RFC 5280 implemented.
  3. All certificates with short serial numbers revoked.
Participants
Kathleen Wilson Arno Fiedler Ryan Sleevi Kim Nguyen Enrico Entschew
External References
Original Bugzilla Case
Similar Local Cases
#1567588 RESOLVED Certificate Problem Report Opened 2019-07-19 · Closed 2023-02-22 · 74% similar
D-TRUST: incorrectly formatted businessCategory entry
AI Summary CA Owner
#1563772 RESOLVED Certificate Problem Report Opened 2019-07-05 · Closed 2023-02-22 · 73% similar
D-TRUST: Precertificate OU > 64 Characters
AI Summary CA Owner
#1393557 RESOLVED Certificate Problem Report Opened 2017-08-24 · Closed 2023-02-22 · 62% similar
GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits
AI Summary CA Owner
#1390997 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 60% similar
GlobalSign: Non-BR-Compliant Certificate Issuance - metadata-only subject fields
AI Summary CA Owner
#1509512 RESOLVED Certificate Problem Report Opened 2018-11-23 · Closed 2023-02-22 · 59% similar
D-TRUST: syntax error in one tls certificate
AI Summary CA Owner
#1398243 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 59% similar
certSIGN: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1390994 RESOLVED Certificate Problem Report Opened 2017-08-16 · Closed 2023-02-22 · 59% similar
DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance
AI Summary CA Owner
#1389172 RESOLVED Certificate Problem Report Opened 2017-08-10 · Closed 2023-02-22 · 59% similar
DigiCert: Certificate Issues Identified on the Mailing List
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action