Closed
Bug 1262610
Opened 8 years ago
Closed 7 years ago
DigiCert: ECCE 001 issuing certificates without subject alternative name extension
Categories
(CA Program :: CA Certificate Compliance, task)
CA Program
CA Certificate Compliance
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: keeler, Assigned: jeremy.rowley)
References
Details
(Whiteboard: [ca-compliance] [ov-misissuance])
ECCE 001 (a sub-CA of ECRaizEstado, which appears to be a sub-CA of GTE CyberTrust/Baltimore) is issuing TLS web server certificates without a subject alternative name extension: https://crt.sh/?id=13520666&opt=cablint https://crt.sh/?id=12072783&opt=cablint https://crt.sh/?id=13086195&opt=cablint https://crt.sh/?id=13043775&opt=cablint https://crt.sh/?id=12096288&opt=cablint
Reporter | ||
Updated•8 years ago
|
Blocks: BR-Compliance
Updated•8 years ago
|
Assignee: kwilson → jeremy.rowley
Comment 1•8 years ago
|
||
Jeremy, Please confirm that this customer has stopped issuing SSL certs that don't have the dNSNames in the subjectAltName extension. If yes, then please close this bug as resolved fixed.
Updated•8 years ago
|
Whiteboard: BR Compliance
Updated•7 years ago
|
Summary: ECCE 001 issuing certificates without subject alternative name extension → DigiCert: ECCE 001 issuing certificates without subject alternative name extension
Updated•7 years ago
|
Component: CA Certificates → CA Certificate Mis-Issuance
Whiteboard: BR Compliance → [ca-compliance]
Assignee | ||
Comment 2•7 years ago
|
||
Confirmed with customer. They no longer issue certs without a SAN.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•1 year ago
|
Product: NSS → CA Program
Updated•1 year ago
|
Whiteboard: [ca-compliance] → [ca-compliance] [ov-misissuance]
You need to log in
before you can comment on or make changes to this bug.
Description
•