Closed Bug 1534535 Opened 5 years ago Closed 5 years ago

QuoVadis / Siemens: Insufficient serial number entropy

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: stephen.davidson, Assigned: rufus.buschart)

Details

(Whiteboard: [ca-compliance] [ov-misissuance])

  1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion inmozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

Our customer Siemens performed in November 2017 compliance scans with zLint which resulted in serial number warnings. As part of our joint program with Siemens to issue zero certificates with linter warnings, we decided to pro-actively increase the serial number length from 64 bits to 160 bits in the configuration file of their CA software (EJBCA). The change was implemented on 1st of March 2018.

  1. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

[2017-11] Siemens CA first becomes aware the potential issue. Ongoing discussion with the software vendor about the exact root-cause of the warnings.
[2017-12] Discussion with the Siemens CA's customers about possible side effects of increasing the serial number length configuration to 160 bits
[2018-01] Joint discussions between Siemens CA and QuoVadis
[2018-02-21] Decision to increase the serial number lengths configuration from 64 bits to 160 bits, following the standard settings at QuoVadis as best practice
[2018-03-01] Go-live of the new configuration and reporting to Mozilla [2]

  1. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

Siemens CA stopped issuing certificates with a serial numbers length configuration of 64 bits on the 1st of March 2018.

  1. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

Thirty-five (35) valid (i.e., unrevoked and unexpired) certificates were identified as exhibiting this problem. The first certificate with the problem was issued on 2017-09-04 07:59:30 (https://crt.sh/?id=206534226 ). The last such certificate exhibiting the problem was issued on 2018-02-28 18:15:23 ( https://crt.sh/?id=344107028 ).

  1. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

The certificates are:
"URL" "Not before" "Not after"
"https://crt.sh/?id=323091189" "2018-02-05 10:40:20" "2019-03-14 06:55:15" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.siemens.com" "02" "08"
"https://crt.sh/?id=323091180" "2018-02-05 10:40:16" "2019-03-14 06:55:27" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.siemens.se" "02" "08"
"https://crt.sh/?id=323091208" "2018-02-05 10:40:23" "2019-03-14 06:55:31" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.usa.siemens.com" "02" "08"
"https://crt.sh/?id=344106944" "2018-02-28 18:15:20" "2019-03-16 13:40:21" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=wkauth.industrysoftware.automation.siemens.com" "02" "08"
"https://crt.sh/?id=335428145" "2018-02-19 16:35:13" "2019-03-17 15:30:16" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=eagledc.siemens.com" "02" "08"
"https://crt.sh/?id=339068496" "2018-02-23 13:50:13" "2019-03-21 09:21:05" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=amccsg.siemens.com" "02" "08"
"https://crt.sh/?id=344054579" "2018-02-28 16:55:13" "2019-03-22 15:05:15" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=www.sitrain-learning.siemens.com" "02" "08"
"https://crt.sh/?id=344107028" "2018-02-28 18:15:23" "2019-03-31 13:55:17" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=wwwtest.plm.automation.siemens.com" "02" "08"
"https://crt.sh/?id=337261111" "2018-02-21 13:40:13" "2019-04-06 10:50:16" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=PD SLN OEC STD MTP TO, CN=pims.siemens.no" "02" "08"
"https://crt.sh/?id=206235732" "2017-09-08 07:45:13" "2019-09-08 07:45:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Industry, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206235948" "2017-09-08 07:55:14" "2019-09-08 07:55:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206235972" "2017-09-08 07:56:01" "2019-09-08 07:56:01" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Industry, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206236145" "2017-09-08 08:05:14" "2019-09-08 08:05:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206236640" "2017-09-08 08:25:13" "2019-09-08 08:25:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206236993" "2017-09-08 08:30:14" "2019-09-08 08:30:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206237366" "2017-09-08 08:35:14" "2019-09-08 08:35:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206259219" "2017-09-08 08:40:13" "2019-09-08 08:40:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206259691" "2017-09-08 08:55:14" "2019-09-08 08:55:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Industry, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206260235" "2017-09-08 09:05:14" "2019-09-08 09:05:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206260510" "2017-09-08 09:10:13" "2019-09-08 09:10:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206260931" "2017-09-08 09:20:14" "2019-09-08 09:20:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "02" "08"
"https://crt.sh/?id=206261150" "2017-09-08 09:25:13" "2019-09-08 09:25:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "02" "08"
"https://crt.sh/?id=206261439" "2017-09-08 09:35:17" "2019-09-08 09:35:17" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "02" "08"
"https://crt.sh/?id=206274530" "2017-09-08 09:40:13" "2019-09-08 09:40:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206274962" "2017-09-08 09:55:17" "2019-09-08 09:55:17" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Industry, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206275255" "2017-09-08 10:05:13" "2019-09-08 10:05:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=update.industry.siemens.com" "02" "08"
"https://crt.sh/?id=206276112" "2017-09-08 10:35:14" "2019-09-08 10:35:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "02" "08"
"https://crt.sh/?id=206276298" "2017-09-08 10:40:13" "2019-09-08 10:40:13" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=w2.siemens.at" "02" "08"
"https://crt.sh/?id=206288666" "2017-09-08 10:53:46" "2019-09-08 10:53:46" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB, CN=extranet.pg.siemens.com" "02" "08"
"https://crt.sh/?id=206288667" "2017-09-08 10:53:50" "2019-09-08 10:53:50" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=efms-ext.siemens.be" "02" "08"
"https://crt.sh/?id=206288842" "2017-09-08 10:56:46" "2019-09-08 10:56:46" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT SCM CDI AMC, CN=eai-integration.siemens.de" "02" "08"
"https://crt.sh/?id=206288847" "2017-09-08 10:56:50" "2019-09-08 10:56:50" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "02" "08"
"https://crt.sh/?id=206289727" "2017-09-08 11:15:14" "2019-09-08 11:15:14" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=www.translation.siemens.com" "02" "08"
"https://crt.sh/?id=209951991" "2017-09-14 07:07:41" "2019-09-14 07:07:41" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens Trust Center, CN=eu.etds.siemens.com" "02" "08"
"https://crt.sh/?id=209951996" "2017-09-14 07:08:11" "2019-09-14 07:08:11" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens Trust Center, CN=etds.siemens.com" "02" "08"

  1. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

Siemens' CA software was configured according the vendor default.

It is really recommended to use at least 64 bits, so please leave

as default unless you are really sure, and have a really good

reason to change it.

We considered the original behavior until 1st of March 2018 as compliant at the time of issuance of the certificates with the wording of the BRGs because the CA software gets full 64 bits of random number from the random source, then excludes those numbers that are outside of the allowed range for certificate serial numbers. We acknowledge that this reading of the BRGs is in the light of the latest discussions on m.d.s.p. not considered as compliant anymore.

  1. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

The situation was resolved on 1st of March 2018. Siemens CA is working together with its customers to replace the remaining 35 certificates until end of March 2019.

[1] https://github.com/zmap/zlint/pull/112#issuecomment-432626027
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1391063#c31

Siemens CA is down to 15 certificates with a serial number length of 63 bits:

"https://crt.sh/?id=344106944&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=wkauth.industrysoftware.automation.siemens.com" "2018-02-28 18:15:20" "2019-03-16 13:40:21"
"https://crt.sh/?id=344054579&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=www.sitrain-learning.siemens.com" "2018-02-28 16:55:13" "2019-03-22 15:05:15"
"https://crt.sh/?id=339068496&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=amccsg.siemens.com" "2018-02-23 13:50:13" "2019-03-21 09:21:05"
"https://crt.sh/?id=337261111&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=PD SLN OEC STD MTP TO, CN=pims.siemens.no" "2018-02-21 13:40:13" "2019-04-06 10:50:16"
"https://crt.sh/?id=335428145&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=EAGLE, CN=eagledc.siemens.com" "2018-02-19 16:35:13" "2019-03-17 15:30:16"
"https://crt.sh/?id=323091208&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.usa.siemens.com" "2018-02-05 10:40:23" "2019-03-14 06:55:31"
"https://crt.sh/?id=323091189&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.siemens.com" "2018-02-05 10:40:20" "2019-03-14 06:55:15"
"https://crt.sh/?id=323091180&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB BAS, CN=w3.siemens.se" "2018-02-05 10:40:16" "2019-03-14 06:55:27"
"https://crt.sh/?id=209951996&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens Trust Center, CN=etds.siemens.com" "2017-09-14 07:08:11" "2019-09-14 07:08:11"
"https://crt.sh/?id=206289727&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=www.translation.siemens.com" "2017-09-08 11:15:14" "2019-09-08 11:15:14"
"https://crt.sh/?id=206288847&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=ssp.siemens.be" "2017-09-08 10:56:50" "2019-09-08 10:56:50"
"https://crt.sh/?id=206288842&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT SCM CDI AMC, CN=eai-integration.siemens.de" "2017-09-08 10:56:46" "2019-09-08 10:56:46"
"https://crt.sh/?id=206288667&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=efms-ext.siemens.be" "2017-09-08 10:53:50" "2019-09-08 10:53:50"
"https://crt.sh/?id=206288666&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB, CN=extranet.pg.siemens.com" "2017-09-08 10:53:46" "2019-09-08 10:53:46"
"https://crt.sh/?id=206235972&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Industry, CN=update.industry.siemens.com" "2017-09-08 07:56:01" "2019-09-08 07:56:01"

Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance]

Down to five and counting:

"https://crt.sh/?id=337261111&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=PD SLN OEC STD MTP TO, CN=pims.siemens.no" "2018-02-21 13:40:13" "2019-04-06 10:50:16" "02" "08"
"https://crt.sh/?id=206289727&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=www.translation.siemens.com" "2017-09-08 11:15:14" "2019-09-08 11:15:14" "02" "08"
"https://crt.sh/?id=206288842&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT SCM CDI AMC, CN=eai-integration.siemens.de" "2017-09-08 10:56:46" "2019-09-08 10:56:46" "02" "08"
"https://crt.sh/?id=206288667&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=efms-ext.siemens.be" "2017-09-08 10:53:50" "2019-09-08 10:53:50" "02" "08"
"https://crt.sh/?id=206288666&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB, CN=extranet.pg.siemens.com" "2017-09-08 10:53:46" "2019-09-08 10:53:46" "02" "08"

Assignee: wthayer → rufus.buschart

Down to two:
"https://crt.sh/?id=206289727&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=Siemens, CN=www.translation.siemens.com" "2017-09-08 11:15:14" "2019-09-08 11:15:14" "02" "08"
"https://crt.sh/?id=206288666&opt=ocsp" "C=DE, ST=Bayern, L=Muenchen, O=Siemens, OU=GS IT ECM WEB, CN=extranet.pg.siemens.com" "2017-09-08 10:53:46" "2019-09-08 10:53:46" "02" "08"

They will be revoke by EoB today

The last two certificates are revoked, too. In the very moment it is only visible on OCSP as the CRL is only build every 24 hours. I'll close this bug, as soon as the CRLs are published as well.

The revocation of the last two is now also visible on the CRL (and in crt.sh). Therefor I'll close this bug.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
Resolution: WORKSFORME → FIXED
Product: NSS → CA Program
Summary: QuoVadis / Siemens: Insufficient serial number entropy → QuoVadis / Siemens: Insufficient serial number entropy
Whiteboard: [ca-compliance] → [ca-compliance] [ov-misissuance]
You need to log in before you can comment on or make changes to this bug.