Dear Wayne,

Two of our customers requested to use their original CSRs to issue two SSL certificates with shorter validity. Using the re-issuance function of a program to insert the original application data, our SSL RA Officers checked the addresses but forgot to add L in the Subject DN. As a result, the two SSL certificates below lack L or S in the Subject DN.

1. Serial Number: 20BD5F0B51809E44C0718AB133CA5E78
   CN=*.sercomm.com, O=中磊電子股份有限公司, C=TW
   or https://crt.sh/?id=508868868

2. Serial Number: 3CE33A6D8899A211FB2D296D9E0B69CB
   CN=app3.uupon.tw, O=點鑽整合行銷股份有限公司, C=TW
   or https://crt.sh/?id=512788172

Our researchers at the Telecommunication Laboratories of Chunghwa Telecom found the above issue on June 11 and told our SSL RA Officers to contact the customers. After I returned to my office from travelling from England and discussed this with my colleagues, I mailed the situation and the plan to Wayne and Kathleen on June 15.

The certificate at https://crt.sh/?id=512788172 was revoked promptly on June 11. We have re-issued new certificates for the two customers as below:

42664EEA106F2CBF736ADBF949D4218F
CN=*.sercomm.com, O=中磊電子股份有限公司, L=臺北市, C=TW
or https://crt.sh/?id=519100183

100079C87402938109A5FEC040C5BE0F
CN=app3.uupon.tw, O=點鑽整合行銷股份有限公司, L=臺北市, C=TW
or https://crt.sh/?id=549539943

After our customer installed the new certificate (https://crt.sh/?id=519100183) on their web servers, network equipment and firewall, the certificate at https://crt.sh/?id=508868868 was revoked on June 21. The function that checks the Subject DN for either L or S has been online since June 22. I mailed Wayne and Kathleen on June 22. We confirm that the problem has been solved and will not happen in the future.

As we have discussed in CABF, Taiwan is a small country without states/provinces. We follow X.500, X.520 and the Taiwan government's DIT for the certificates. We can uniquely identify the subject without state/province and locality in the DN for a central government agency or a company. (For example, Article 18 of Taiwan's Company Act, https://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=J0080001, states: "No company may use a corporate name which is identical with that of another company.") We do receive questions from some subscribers, central government agencies or companies, asking why our CA adds L in the subject DN of an SSL certificate. We explain that we now follow the BR requirement that either L or S should be in the Subject DN.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
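
An added example (not Chunghwa Telecom's code and not part of the original mail): a minimal pre-issuance check of the kind the message describes, flagging a Subject DN that carries O but neither L nor S. It assumes the DN is supplied in the comma-separated display form quoted in the mail, accepts both S and ST for the state attribute, ignores multi-valued RDNs, and uses hypothetical function names.

```python
def split_rdns(dn):
    """Split a displayed DN on unescaped commas, resolving backslash escapes."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return {ATTRIBUTE: [values]} for a DN such as 'CN=a, O=b, C=TW'."""
    attrs = {}
    for rdn in split_rdns(dn):
        if not rdn.strip():
            continue
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("malformed RDN: %r" % rdn)
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs

def has_value(attrs, *keys):
    """True if any listed attribute is present with a non-empty value."""
    return any(v for k in keys for v in attrs.get(k, []))

def check_subject(dn):
    """Return findings for the O-without-L-or-S case; empty list means pass."""
    attrs = parse_dn(dn)
    findings = []
    if has_value(attrs, "O") and not has_value(attrs, "L", "S", "ST"):
        findings.append("O present but neither L nor S/ST in Subject DN")
    return findings

if __name__ == "__main__":
    # The first two DNs are quoted from the mail; the third is constructed.
    for dn in ("CN=*.sercomm.com, O=中磊電子股份有限公司, C=TW",
               "CN=*.sercomm.com, O=中磊電子股份有限公司, L=臺北市, C=TW",
               "CN=example.test, O=Example\\, Inc., L=, C=TW"):
        print(dn, "->", check_subject(dn) or "ok")
```

An empty `L=` is treated as absent, so a re-issuance form that submits a blank locality is flagged the same way as one that omits it.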

