On Saturday, January 30, 2016 at 3:03:21 AM UTC+2, David Keeler wrote:
> On 12/10/2015 12:01 PM, Kathleen Wilson wrote:
> ...
> > * Test Website: https://fedir.comsign.co.il/test.html
>
> The certificate presented by the test website specifies "ISRAEL" in the
> Country field of the Subject DN, whereas I understand it should be the
> two-letter country code "IL". Is there a mechanism in place to prevent
> these sorts of errors?
>
> Thanks,
> David

Hello David,

It appears that you are absolutely right. We probably have a bug in the process of generating OV (Organization Validation) SSL certificates - some of the country codes in the subject information DN are being generated as full country names. However, this bug does not affect Domain Validated SSL certificates.

And since the CA is not yet actively issuing SSL certificates, and the only OV SSL certificates that we issued so far by this root are test certificates - then the easiest solution for us at the moment is to disable the OV SSL certificates mechanism and to leave active only the DV SSL certificates issuing mechanism.

We've issued a new DV SSL certificate for the test site, and we are now working to fix this bug. Only after the bug is fixed we shall re-activate our OV SSL issuing mechanism.

Thank you for your observation.

Eli Spitzer | Information security & System Management | Comsign
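The kind of mechanism asked about in the quoted question, sketched as a pre-issuance lint on the requested Subject DN. This is an added example, not ComSign's code and not part of the thread; the DN strings, the `parse_dn` and `lint_subject` helpers, the ISO 3166-1 subset, and the policy that a subject with `O` must also carry `C` are assumptions made for illustration.

```python
import re

# Constructed subset of ISO 3166-1 alpha-2 codes; a real linter loads the full list.
ISO_3166_ALPHA2 = {"IL", "US", "GB", "DE", "FR", "NL", "JP"}

def parse_dn(dn):
    """Split an RFC 4514-style DN string into (TYPE, value) pairs.
    Handles simple backslash escapes such as '\\,' (hex escapes are not handled)."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":          # RDN separator or multi-valued RDN separator
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    pairs = []
    for part in parts:
        if part.strip():
            key, _, value = part.partition("=")
            pairs.append((key.strip().upper(), value.strip()))
    return pairs

def lint_subject(dn):
    """Return a list of problems that should block issuance (empty list = pass)."""
    attrs = parse_dn(dn)
    countries = [v for k, v in attrs if k == "C"]
    has_org = any(k == "O" for k, _ in attrs)
    errors = []
    # Assumed policy: an OV-style subject (has O) must also state a country.
    if has_org and not countries:
        errors.append("organizationName present but countryName missing")
    if len(countries) > 1:
        errors.append("more than one countryName attribute")
    for c in countries:
        if not re.fullmatch(r"[A-Z]{2}", c):
            errors.append(f"countryName {c!r} is not a two-letter uppercase code")
        elif c not in ISO_3166_ALPHA2:
            errors.append(f"countryName {c!r} is not in the ISO 3166-1 alpha-2 list")
    return errors

if __name__ == "__main__":
    # Constructed sample subjects, not taken from any issued certificate.
    for dn in ("C=ISRAEL, O=Example Org Ltd, CN=test.example",
               "C=IL, O=Example\\, Inc., CN=test.example",
               "CN=test.example"):
        print(dn, "->", lint_subject(dn) or "ok")
```

Running the same check on the to-be-signed subject for every certificate profile, OV and DV alike, stops a full country name in `C` before the certificate is signed.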

