Elektronik Bilgi Guvenligi: Issuing 1024 bit certificates

RESOLVED FIXED

Status

NSS
CA Certificate Root Program
RESOLVED FIXED
4 years ago
8 months ago

People

(Reporter: Kurt Roeckx, Assigned: Muhammet KALAYCILAR)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: BR Compliance - 1024 bit certs)

(Reporter)

Description

4 years ago
Hi,

I'm seeing 1024 bit certificates generated from the following root CA, directly to subscriber:
C = TR
O = Elektronik Bilgi Guvenligi A.S.
CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
(Reporter)

Updated

4 years ago
Blocks: 1029147
(Reporter)

Updated

3 years ago
Whiteboard: BR Compliance - 1024 bit certs
Kathleen: can you assign this to the relevant CA contact?

Gerv

Updated

3 years ago
Assignee: kwilson → muhammet.kalaycilar
(Reporter)

Comment 2

3 years ago
I'm still seeing at least one issued in November 2014.
(Reporter)

Comment 3

2 years ago
Generated in 2015:
https://crt.sh/?id=7198093

Comment 4

2 years ago
 I’m working at Electrionic  Information Security Company (E-Güven) as a Quality and Process specialist.My name’s Nermin Güngör. What can we do to verify the root certificate?
Note:we have management standard certification ETSI.

Comment 5

2 years ago
(In reply to Nermin Güngör from comment #4)
>  I’m working at Electrionic  Information Security Company (E-Güven) as a
> Quality and Process specialist.My name’s Nermin Güngör. What can we do to
> verify the root certificate?
> Note:we have management standard certification ETSI.

You can get the 1024-bit cert in question by browsing to https://crt.sh/?id=7198093
In the "Certificate|ASN.1" section click on "Certificate:" to download the cert.

I am closing this bug as fixed, because the "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" root cert was removed from Firefox 38 via Bug #1145270, so as far as Firefox is concerned, this issue has been resolved.

After E-Guven has addressed all non-compliance with the CA/Browser Forum Baseline Requirements, E-Guven may re-apply for root inclusion by filing a new Bugzilla Bug as described here: https://wiki.mozilla.org/CA:How_to_apply
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED

Comment 6

2 years ago
Hi,

Thank you for  information. I shared our new certification, we're signing from the root. 

Please sorry for the delay.

BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIQWC7oW3XORCoaeibWzLlpnzANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJUUjEoMCYGA1UECgwfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp
Z2kgQS5TLjE/MD0GA1UEAww2RS1HVVZFTiBLb2sgRWxla3Ryb25payBTZXJ0aWZp
a2EgSGl6bWV0IFNhZ2xheWljaXNpIFMzMB4XDTE2MDIwNDExMzY1NVoXDTE5MDMw
ODE0NDM1NVowgYcxCzAJBgNVBAYTAlRSMREwDwYDVQQIEwhJU1RBTkJVTDERMA8G
A1UEBxMISVNUQU5CVUwxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kgR3V2ZW5s
aWdpIEEuUy4xCzAJBgNVBAsTAklUMRswGQYDVQQDExJjbGllbnQuamV0b25heS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSuBLdsJ0NCOuSHFBd
aCdxnZGgBYBgaAavOvvHykBRrpPJFgHPw1tEEDSZNBHPHMrsvzytuNdd6TB3DIc6
2ospMl40SKFcN4gF+Xe2IiSE9bBEL9cggPYv0njcILBlLcY4ZL3FRU+pSD3jsDYe
rwQVYfvmw/3DNYtU0RG/65oSK64KUTXCVF4oxw0MPMAHPzLBUNDRrdSPiLZ8NlaS
lDOhOiHeQ+GPlzOWvLE16AAg3NIWSVWki1PHmDI40PMiD3qishhAvcsJF0obvssi
aerX8TW8aYdgG6a1yh/8pBwzwXeui96mqrUj3hSQvXji933LMDdUEshX+ju9BqXz
SKitAgMBAAGjggG1MIIBsTB2BggrBgEFBQcBAQRqMGgwLgYIKwYBBQUHMAGGImh0
dHA6Ly9vY3NwMi5lLWd1dmVuLmNvbS9vY3NwLnh1ZGEwNgYIKwYBBQUHMAKGKmh0
dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL0tPS1MzLmNydDAfBgNVHSME
GDAWgBTidDP/GlZ5BUXYIcewKoqH56R4sDAJBgNVHRMEAjAAMGUGA1UdIAReMFww
WgYEKgMEBTBSMBUGCCsGAQUFBwIBFgkxLjIuMy40LjUwOQYIKwYBBQUHAgIwLTAY
FhFSZXBsYWNlIFRoaXMgVGV4dDADAgEBGhFSZXBsYWNlIFRoaXMgVGV4dDBWBgNV
HR8ETzBNMEugSaBHhkVodHRwOi8vc2lsLmUtZ3V2ZW4uY29tL0VsZWt0cm9uaWtC
aWxnaUd1dmVubGlnaUFTUm9vdFMzL0xhdGVzdENSTC5jcmwwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUAI4j
eVGSU9dFzUu6pMsrGA0OEgEwDQYJKoZIhvcNAQELBQADggEBAGSELe08SwmIdTBf
B9eqHDOU2yVsY6gAwsgHv39sVuW3siQ2UqpIDhnhhFDaiURmwQkBKBQ8LMffI3l9
QI9wFB1HnzIGkSXS1fy1TVd1vyNt8700mZXxWOcHo9BVeOvPq7SAtORU/LlecFX3
SN2J66tXu7A35iCyfoezn8tqkee23ossQEMsGZ0ZyqUbrzTWVqjVjmCXOl/O9BBQ
Egk+pBkIVogC3jGu2uaPScBqeePv/6ei4dnAuKEMn6AZ6uHAkOAEkQvMi09Vi4co
F1ILsoe1FZTr8OegnvhZQIOurrjS3bIHqoigQ/B0s7dP1fdB/v7R/zrcAS9EjZRY
TLOmUYk=
-----END CERTIFICATE-----



C:\Users\gunay>cd..

C:\Users>cd..

C:\>Certutil –dump jetonay.cer
X.509 Sertifikası:
Sürüm: 3
Seri No: 582ee85b75ce442a1a7a26d6ccb9699f
İmza Algoritması:
    Algoritma Nesne Kimliği: 1.2.840.113549.1.1.11 sha256RSA
    Algoritma Parametreleri:
    05 00
Sertifikayı veren:
    CN=E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3
    O=Elektronik Bilgi Guvenligi A.S.
    C=TR

 NotBefore: 04.02.2016 13:36
 NotAfter: 08.03.2019 16:43

Konu:
    CN=client.jetonay.com
    OU=IT
    O=Elektronik Bilgi Guvenligi A.S.
    L=ISTANBUL
    S=ISTANBUL
    C=TR

Ortak Anahtar Algoritması:
    Algoritma Nesne Kimliği: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algoritma Parametreleri:
    05 00
Özel Anahtar Uzunluğu: 2048 bit
Ortak Anahtar: UnusedBits = 0
    0000  30 82 01 0a 02 82 01 01  00 d2 b8 12 dd b0 9d 0d
    0010  08 eb 92 1c 50 5d 68 27  71 9d 91 a0 05 80 60 68
    0020  06 af 3a fb c7 ca 40 51  ae 93 c9 16 01 cf c3 5b
    0030  44 10 34 99 34 11 cf 1c  ca ec bf 3c ad b8 d7 5d
    0040  e9 30 77 0c 87 3a da 8b  29 32 5e 34 48 a1 5c 37
    0050  88 05 f9 77 b6 22 24 84  f5 b0 44 2f d7 20 80 f6
    0060  2f d2 78 dc 20 b0 65 2d  c6 38 64 bd c5 45 4f a9
    0070  48 3d e3 b0 36 1e af 04  15 61 fb e6 c3 fd c3 35
    0080  8b 54 d1 11 bf eb 9a 12  2b ae 0a 51 35 c2 54 5e
    0090  28 c7 0d 0c 3c c0 07 3f  32 c1 50 d0 d1 ad d4 8f
    00a0  88 b6 7c 36 56 92 94 33  a1 3a 21 de 43 e1 8f 97
    00b0  33 96 bc b1 35 e8 00 20  dc d2 16 49 55 a4 8b 53
    00c0  c7 98 32 38 d0 f3 22 0f  7a a2 b2 18 40 bd cb 09
    00d0  17 4a 1b be cb 22 69 ea  d7 f1 35 bc 69 87 60 1b
    00e0  a6 b5 ca 1f fc a4 1c 33  c1 77 ae 8b de a6 aa b5
    00f0  23 de 14 90 bd 78 e2 f7  7d cb 30 37 54 12 c8 57
    0100  fa 3b bd 06 a5 f3 48 a8  ad 02 03 01 00 01
Sertifika Uzantıları: 8
    1.3.6.1.5.5.7.1.1: Bayraklar = 0, Uzunluk = 6a
    Yetkili Bilgi Erişimi
        [1]Yetkili Bilgi Erişimi
             Erişim Yöntemi=Çevrimiçi Sertifika Durum Protokolü (1.3.6.1.5.5
8.1)
             Diğer Ad:
                  URL=http://ocsp2.e-guven.com/ocsp.xuda
        [2]Yetkili Bilgi Erişimi
             Erişim Yöntemi=Sertifika Yetkilisi Yayımcısı (1.3.6.1.5.5.7.48.
             Diğer Ad:
                  URL=http://www.e-guven.com/documents/KOKS3.crt

    2.5.29.35: Bayraklar = 0, Uzunluk = 18
    Yetkili Anahtarı Tanımlayıcısı
        AnahtarKimliği=e2 74 33 ff 1a 56 79 05 45 d8 21 c7 b0 2a 8a 87 e7 a4
b0

    2.5.29.19: Bayraklar = 0, Uzunluk = 2
    Temel Kısıtlamalar
        Konu Türü=Son Varlık
        Yol Uzunluğu Kısıtlaması=Yok

    2.5.29.32: Bayraklar = 0, Uzunluk = 5e
    Sertifika İlkeleri
        [1]Sertifika İlkesi:
             İlke Tanımlayıcısı=1.2.3.4.5
             [1,1]İlke Niteleyicisi Bilgisi:
                  İlke Niteleyicisi Kimliği=CPS
                  Niteleyici=
                       1.2.3.4.5
             [1,2]İlke Niteleyicisi Bilgisi:
                  İlke Niteleyicisi Kimliği=Kullanıcı Uyarısı
                  Niteleyici=
                       Uyarı Tercihi:
                            Kuruluş=Replace This Text
                            Uyarı Numarası=1
                       Uyarı Metni=Replace This Text

    2.5.29.31: Bayraklar = 0, Uzunluk = 4f
    CRL Dağıtım Noktaları
        [1]CRL Dağıtım Noktası
             Dağıtım Noktası Adı:
                  Tam Ad:
                       URL=http://sil.e-guven.com/ElektronikBilgiGuvenligiAS
S3/LatestCRL.crl

    2.5.29.37: Bayraklar = 0, Uzunluk = 16
    Gelişmiş Anahtar Kullanımı
        Sunucu Kimlik Doğrulaması (1.3.6.1.5.5.7.3.1)
        İstemci Kimlik Doğrulaması (1.3.6.1.5.5.7.3.2)

    2.5.29.15: Bayraklar = 1(Kritik), Uzunluk = 4
    Anahtar Kullanımı
        Dijital İmza, Anahtar Şifreleme (a0)

    2.5.29.14: Bayraklar = 0, Uzunluk = 16
    Konu Anahtarı Tanımlayıcısı
        00 8e 23 79 51 92 53 d7 45 cd 4b ba a4 cb 2b 18 0d 0e 12 01

İmza Algoritması:
    Algoritma Nesne Kimliği: 1.2.840.113549.1.1.11 sha256RSA
    Algoritma Parametreleri:
    05 00
İmza: UnusedBits=0
    0000  89 51 a6 b3 4c 58 94 8d  44 2f 01 dc 3a ff d1 fe
    0010  fe 41 f7 d5 4f b7 b3 74  f0 43 a0 88 aa 07 b2 dd
    0020  d2 b8 ae ae 83 40 59 f8  9e a0 e7 f0 eb 94 15 b5
    0030  87 b2 0b 52 17 28 87 8b  55 4f 8b cc 0b 91 04 e0
    0040  90 c0 e1 ea 19 a0 9f 0c  a1 b8 c0 d9 e1 a2 a7 ff
    0050  ef e3 79 6a c0 49 8f e6  da ae 31 de 02 88 56 08
    0060  19 a4 3e 09 12 50 10 f4  ce 5f 3a 97 60 8e d5 a8
    0070  56 d6 34 af 1b a5 ca 19  9d 19 2c 43 40 2c 8b de
    0080  b6 e7 91 6a cb 9f b3 87  7e b2 20 e6 37 b0 bb 57
    0090  ab eb 89 dd 48 f7 55 70  5e b9 fc 54 e4 b4 80 b4
    00a0  ab cf eb 78 55 d0 a3 07  e7 58 f1 95 99 34 bd f3
    00b0  6d 23 bf 75 57 4d b5 fc  d5 d2 25 91 06 32 9f 47
    00c0  1d 14 70 8f 40 7d 79 23  df c7 2c 3c 14 28 01 09
    00d0  c1 66 44 89 da 50 84 e1  19 0e 48 aa 52 36 24 b2
    00e0  b7 e5 56 6c 7f bf 07 c8  c2 00 a8 63 6c 25 db 94
    00f0  33 1c aa d7 07 5f 30 75  88 09 4b 3c ed 2d 84 64
Kök Olmayan Sertifika
Anahtar Kimliği Karması(rfc-sha1): 00 8e 23 79 51 92 53 d7 45 cd 4b ba a4 cb
18 0d 0e 12 01
Anahtar Kimliği Karması(sha1): 35 aa 2e 68 59 12 70 4c 81 e0 a6 f4 bf f0 5a
9 73 1d 8f
Sertifika Karması(md5): 32 46 a4 94 18 e9 4c 78 a3 fc 38 1b 93 ae e4 38
Sertifika Karması(sha1): 79 da 2c 2a ff 20 cf e7 89 7d 7c dd c6 65 43 0d 44
0 fd
CertUtil: -dump komutu başarıyla tamamlandı.

C:\>

Updated

8 months ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.