Dear All! We have used the last week to address all the issues:
* all the certificates with problems (CN, validity) have been replaced with our customers
* the field for the business category has been changed to only accept the valid strings
* to avoid problems with replacement certificates that had the same serial number in the subject, we have implemented a longer serial number in the dedicated field, that fulfills the 20 Bits of Entropy requirement and is completely random

To prevent future problems with values in the certificate fields, we have implemented another layer of cross checks after the issuing of the certificate. Until now, the checks performed by the agent have been verified by a second agent, who wasn't involved in the process until then. We will now perform another check after each certificate has been issued and before it is sent to the customer. This check includes: used domains and values in CN / Subject Alternative Name, key length, business category, general integrity of all values in the Subject, validity period and length of the serial number.

We hope to avoid issues as found in this thread and I would like to thank everybody for pointing them out.

Regards,
Christoph Klein
A-Trust GmbH
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

