Open Bug 2009941 Opened 3 days ago Updated 3 days ago

Firmaprofesional: Misissuance of TLS Subordinate CA "AC Firmaprofesional - Secure Web 2024"

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: ext-antoni.camon, Assigned: ext-antoni.camon)

Details

(Whiteboard: [ca-compliance] [ca-misissuance])

Preliminary Incident Report

Summary

Incident description:

Firmaprofesional has identified a misissuance involving the TLS Subordinate CA
“Secure Web 2024”, which was issued with a Subject containing the
organizationalUnitName attribute.

At the time of issuance of this Subordinate CA certificate, the inclusion of
organizationalUnitName was not permitted for TLS Subordinate CA
certificates under the TLS Baseline Requirements. As a result, the affected
Subordinate CA certificate and the Subscriber certificates issued under
it are within scope of this incident.

The Subordinate CA certificate can be referenced publicly at:
https://crt.sh/?id=12241615680

Relevant policies:

  • Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS
    Server Certificates
    • Section 7.1.2.10.2 – CA Certificate Naming
    • Section 4.9.1.1 – Reasons for Revoking a Subscriber Certificate
    • Section 4.9.1.2 – Reasons for Revoking a Subordinate CA Certificate

Source of incident disclosure:

The issue was reported to Firmaprofesional by an external party via a Certificate
Problem Report, received on Sunday at approximately 05:00 UTC.

This incident is currently under investigation. Follow-up updates, including a
full incident report, will be provided in this bug.

Assignee: nobody → ext-antoni.camon
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [ca-misissuance]
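Added example (not code from the report or from Firmaprofesional): a lint for the condition described above, an organizationalUnitName in the Subject of a CA certificate, written with Python's `cryptography` package; the self-signed test CA it builds, including the organisation and unit names, is constructed for the demonstration and is not the affected certificate.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def is_ca(cert: x509.Certificate) -> bool:
    """True when BasicConstraints asserts cA=TRUE (a root or subordinate CA)."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def check_ca_subject(pem: bytes) -> list:
    """Findings for a CA certificate's Subject; an empty list means no OU present."""
    cert = x509.load_pem_x509_certificate(pem)
    if not is_ca(cert):  # BR 7.1.2.10.2 covers CA certificates only
        return []
    ous = cert.subject.get_attributes_for_oid(NameOID.ORGANIZATIONAL_UNIT_NAME)
    return [f"Subject contains organizationalUnitName={a.value!r}" for a in ous]


def make_test_ca(with_ou: bool) -> bytes:
    """Build a constructed, self-signed test CA (sample data, not a real CA cert)."""
    key = ec.generate_private_key(ec.SECP256R1())
    attrs = [
        x509.NameAttribute(NameOID.COUNTRY_NAME, "ES"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example CA Org"),  # constructed
    ]
    if with_ou:  # the misissuance condition: an OU inside a CA Subject
        attrs.append(x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Web Services"))
    attrs.append(x509.NameAttribute(NameOID.COMMON_NAME, "Example Sub CA"))
    name = x509.Name(attrs)
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
        .sign(key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)
```

Running `check_ca_subject` over the PEM of a real subordinate CA (for instance the one linked from crt.sh above) reports each OU value found; subscriber certificates are skipped because the naming rule cited applies to CA certificates.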