I've created https://bugzilla.mozilla.org/show_bug.cgi?id=1532429 to track this incident.

On Fri, Mar 1, 2019 at 1:55 PM David E. Ross via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On 2/28/2019 7:45 PM, 孙圣男 wrote:
> > Dear Mozilla:
> > This problem has been confirmed. We contacted the customer and
> > confirmed this certificate hasn't been deployed to the production system; no
> > damage was caused. This certificate was revoked on March 1, 2019. We
> > fixed this bug in the February 27 update.
> >
> > Best wishes!
> >
> > Jonathan Sun
> > Certificate Product Manager
> > International Cooperation Group
> > Tel: +86 010 80864127
> >
> >
> > -----Original Message-----
> > From: Buschart, Rufus <rufus.busch...@siemens.com>
> > Sent: February 28, 2019 19:00
> > To: r...@cfca.com.cn
> > Subject: Certificate Problem Report (9WG: CFCA certificate with invalid domain)
> >
> > Dear PKI team at CFCA!
> >
> > There is a misissued certificate
> > https://crt.sh/?id=1231965201&opt=cablint,x509lint,zlin from your CA which
> > is not revoked yet. I think you should have a look.
> >
> >
> > With best regards,
> > Rufus Buschart
> >
> > Siemens AG
> > Information Technology
> > Human Resources
> > PKI / Trustcenter
> > GS IT HR 7 4
> > Hugo-Junkers-Str. 9
> > 90411 Nuernberg, Germany
> > Tel.: +49 1522 2894134
> > mailto:rufus.busch...@siemens.com
> > www.twitter.com/siemens
> >
> > www.siemens.com/ingenuityforlife
> >
> > Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
> > Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive
> > Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik
> > Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich,
> > Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich,
> > HRB 6684; WEEE-Reg.-No. DE 23691322
> >
> >> -----Original Message-----
> >> From: dev-security-policy
> >> <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of
> >> michel.lebihan2000--- via dev-security-policy
> >> Sent: Wednesday, February 27, 2019 08:54
> >> To: mozilla-dev-security-pol...@lists.mozilla.org
> >> Subject: CFCA certificate with invalid domain
> >>
> >> Hello,
> >>
> >> I noticed this certificate
> >> https://crt.sh/?id=1231965201&opt=cablint,x509lint,zlint that has an
> >> invalid domain `mail.xinhua08.con` in SANs. This looks like a typo and
> >> `mail.xinhua08.com` is present in other certificates. Such an issue makes me
> >> wonder about the quality of their validation.
> >> _______________________________________________
> >> dev-security-policy mailing list
> >> dev-security-policy@lists.mozilla.org
> >> https://lists.mozilla.org/listinfo/dev-security-policy
> >
>
> This message indicates one certificate was revoked. However, the
> message originally reporting any problem indicated that more than one
> certificate was affected. Please describe how many certificates were
> actually affected. If indeed more than one was affected, explain why
> only one was revoked.