Closed Bug 1301545 Opened 9 years ago Closed 9 years ago

GlobalSign CloudSSL CA - SHA256 - G3 issued certificate without required extensions

(CA Program :: CA Certificate Root Program, task)

RESOLVED FIXED

(Reporter: keeler, Assigned: kathleen.a.wilson)

Recently GlobalSign CloudSSL CA - SHA256 - G3 issued a certificate with no subject alternative name extension, no authority information access extension, and no certificate policies extension: https://crt.sh/?id=23431588&opt=cablint
Steve and Richard, please resolve this bug.
Hi David, Kathleen,
An Engineer performed issuance based on a test CSR for a domain owned by GMO GlobalSign KK. The purpose of the test was to check on the speed of issuance from the system and it was felt by the engineer (incorrectly) that a direct request would be the best method. The direct issuance was allowed as the engineer had direct access as a trusted individual. What he failed to realise is that this method did not impose the policy controls, hence no SAN was added etc. We will be amending our system to enforce policy from direct manual issuance as well as from system issuance.
The mistake was realised within 71 minutes and the certificate was revoked. I have attached the certificate, a CRL showing it's revoked and a screen shot of these plus WHOIS details.
Apologies for the human error and have a good weekend.
Steve
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: mozilla.org → NSS
Product: NSS → CA Program
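
The three extensions named in the report can be checked mechanically on any issuance path, including a direct manual one. The following is an added example, not GlobalSign's or Mozilla's code: a Go check that lists which of those extensions a certificate lacks, run against two constructed self-signed test certificates. The name test.example, the OCSP URL and the sample policy OID are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Extensions the report lists as absent, with their standard OIDs.
var required = [][2]string{
	{"subjectAltName", "2.5.29.17"},
	{"authorityInfoAccess", "1.3.6.1.5.5.7.1.1"},
	{"certificatePolicies", "2.5.29.32"},
}

// MissingExtensions names the required extensions that cert does not carry.
func MissingExtensions(cert *x509.Certificate) (missing []string) {
	present := map[string]bool{}
	for _, e := range cert.Extensions {
		present[e.Id.String()] = true
	}
	for _, r := range required {
		if !present[r[1]] {
			missing = append(missing, r[0])
		}
	}
	return missing
}

// sampleCert builds a constructed self-signed fixture (assumed names; errors ignored for brevity).
func sampleCert(compliant bool) *x509.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if compliant {
		pol, _ := asn1.Marshal([]struct{ ID asn1.ObjectIdentifier }{{asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2}}})
		tpl.DNSNames, tpl.OCSPServer = []string{"test.example"}, []string{"http://ocsp.test.example"}
		tpl.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, Value: pol}}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() { fmt.Println(MissingExtensions(sampleCert(false)), MissingExtensions(sampleCert(true))) }
```

A check like this only verifies presence; it does not validate the contents of each extension.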