Closed
Bug 1262610
Opened 8 years ago
Closed 7 years ago
DigiCert: ECCE 001 issuing certificates without subject alternative name extension
Categories
(CA Program :: CA Certificate Compliance, task)
CA Program
CA Certificate Compliance
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: keeler, Assigned: jeremy.rowley)
References
Details
(Whiteboard: [ca-compliance] [ov-misissuance])
ECCE 001 (a sub-CA of ECRaizEstado, which appears to be a sub-CA of GTE CyberTrust/Baltimore) is issuing TLS web server certificates without a subject alternative name extension: https://crt.sh/?id=13520666&opt=cablint https://crt.sh/?id=12072783&opt=cablint https://crt.sh/?id=13086195&opt=cablint https://crt.sh/?id=13043775&opt=cablint https://crt.sh/?id=12096288&opt=cablint
|
Reporter | |
Updated•8 years ago
|
Blocks: BR-Compliance
|
||
Updated•8 years ago
|
Assignee: kwilson → jeremy.rowley
|
|
||
Comment 1•8 years ago
|
||
Jeremy, Please confirm that this customer has stopped issuing SSL certs that don't have the dNSNames in the subjectAltName extension. If yes, then please close this bug as resolved fixed.
|
|
||
Updated•8 years ago
|
Whiteboard: BR Compliance
|
||
Updated•7 years ago
|
Summary: ECCE 001 issuing certificates without subject alternative name extension → DigiCert: ECCE 001 issuing certificates without subject alternative name extension
|
|
||
Updated•7 years ago
|
Component: CA Certificates → CA Certificate Mis-Issuance
Whiteboard: BR Compliance → [ca-compliance]
|
Assignee | |
Comment 2•7 years ago
|
||
Confirmed with customer. They no longer issue certs without a SAN.
|
|
||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Product: mozilla.org → NSS
|
||
Updated•1 year ago
|
Product: NSS → CA Program
|
||
Updated•1 year ago
|
Whiteboard: [ca-compliance] → [ca-compliance] [ov-misissuance]
You need to log in
before you can comment on or make changes to this bug.
Description
•