← DigiCert cases
Bugzilla #1420861 · Certificate Problem Report

DigiCert / Thawte: CAA Mis-Issuance on mix of wildcard and non-wildcard DNS names in SAN

DigiCert · RESOLVED
AI Summary

This case addresses a potential mis-issuance of a certificate by Thawte involving a mix of wildcard and non-wildcard DNS names in the Subject Alternative Name (SAN). The issue arose when it was suspected that CAA checks were bypassed during issuance. However, the CA provided logs indicating that no CAA records were found, suggesting that the issuance was valid. The discussion highlights the challenges in verifying CAA compliance and the need for improved transparency in the process.

Model: gpt-4o-mini Generated: 2026-06-13 11:17 UTC Confidence: 0.80
Chronology
  1. Bug reported regarding potential CAA mis-issuance.
  2. CA provided logs indicating no CAA records were found.
Participants
Quirin Scheitle Jeremy Rowley Gerv Tim
External References
Original Bugzilla Case groups.google.com groups.google.com misissued.com
Similar Local Cases
#1262610 RESOLVED Certificate Problem Report Opened 2016-04-06 · Closed 2023-02-22 · 58% similar
DigiCert: ECCE 001 issuing certificates without subject alternative name extension
AI Summary CA Owner
#1427034 RESOLVED Certificate Problem Report Opened 2017-12-25 · Closed 2024-05-09 · 57% similar
DigiCert: localbattle.net certificate with private key in software / issued by Digicert
AI Summary CA Owner
#1398269 RESOLVED Certificate Problem Report Opened 2017-09-08 · Closed 2023-02-22 · 57% similar
DigiCert: Non-BR-Compliant OCSP Responders
AI Summary CA Owner
#1017157 RESOLVED Certificate Problem Report Opened 2014-05-28 · Closed 2023-02-22 · 57% similar
DigiCert: no subject alternative name in Siemens certs
AI Summary CA Owner
#1447192 RESOLVED Certificate Problem Report Opened 2018-03-20 · Closed 2023-02-22 · 56% similar
DigiCert: Onion Certs
AI Summary CA Owner
#1417771 RESOLVED Certificate Problem Report Opened 2017-11-16 · Closed 2024-06-30 · 56% similar
DigiCert: Symantec non-constrained/non-disclosed intermediate CA certificates
AI Summary CA Owner
#1397957 RESOLVED Certificate Problem Report Opened 2017-09-07 · Closed 2023-02-22 · 56% similar
DigiCert / CTJ: Metadata in OU fields, Reserved IP Address
AI Summary CA Owner
#1397951 RESOLVED Certificate Problem Report Opened 2017-09-07 · Closed 2023-02-22 · 56% similar
DigiCert / InfoCert: Insufficient Serial Number Entropy
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action