SSL EV certificate without businessCategory in subject

https://crt.sh/?id=3D227157888 is a certificate issued by Camerfirma.

We've detected it at 09/10/2017 18:36 (UTC+2) in a daily internal control m=
ade by our quality team.

It's due an invalid character in the request, we're applying a manual contr=
ol to prevent this error.

We're developing a technical control to prevent this kind of errors.

We're going to replace (revoke and issue another one) the certificate once =
we can contact with the client (they=E2=80=99re in a different time zone UT=
C+8).

Juan Angel
0
martin_ja
10/10/2017 8:53:27 AM
mozilla.dev.security.policy 1213 articles. 1 followers. Post Follow

1 Replies
38 Views

Similar Articles

[PageSpeed] 31

On Tuesday, 10 October 2017 12:05:15 UTC+2, mart...@camerfirma.com  wrote:
> https://crt.sh/?id=3D227157888 is a certificate issued by Camerfirma.
>=20
> We've detected it at 09/10/2017 18:36 (UTC+2) in a daily internal control=
 made by our quality team.
>=20
> It's due an invalid character in the request, we're applying a manual con=
trol to prevent this error.
>=20
> We're developing a technical control to prevent this kind of errors.
>=20
> We're going to replace (revoke and issue another one) the certificate onc=
e we can contact with the client (they=E2=80=99re in a different time zone =
UTC+8).
>=20
> Juan Angel

Sounds like a CSR-injection vulnerability. ;-)
0
okaphone
10/10/2017 11:53:51 AM
Reply: