← GlobalSign nv-sa cases
Bugzilla #1304089
Certificate Problem Report
Bug in GlobalSign Certificate Centre not populating EKUs in 68 SSL certificates
RESOLVED
GlobalSign nv-sa
AI Summary
A bug in GlobalSign's Certificate Centre led to 68 SSL certificates being issued without the required Extended Key Usage (EKU) extension. This issue arose after a code update and affected both Extended Validation (EV) and Organizationally Validated (OV) certificates. GlobalSign has since identified and revoked all impacted certificates, and an emergency fix has been implemented to prevent future occurrences.
Chronology
- Bug reported by GlobalSign
- All affected certificates were revoked
- GlobalSign confirmed all impacted certs have been identified and revoked
- Bug closed as fixed
Participants
Steve Roylance
Kathleen Wilson
Gervase Markham
Douglas Beattie
External References
Similar Local Cases
GlobalSign: Incapsula issued a certificate for non-existing domain (testslsslfeb20.me)
GlobalSign CloudSSL CA - SHA256 - G3 issued certificate without required extensions
DigiCert: no subject alternative name in Siemens certs
Investigate *.google.com certificate issued by DigiNotar and used by Iran government?
Camerfirma: Startcom are issuing by proxy using Camerfirma
GoDaddy: New GoDaddy incorrect issuance bug appears to be regression of 2010 issue
LuxTrust: issuing 1024 bit certificates
DigiCert: Non-BR-Compliant OCSP Responders