[SSL Observatory] Turktrust erroneously issued sub-CA certificates
Andy Isaacson
adi at hexapodia.org
Thu Jan 3 10:57:00 PST 2013
On Thu, Jan 03, 2013 at 10:13:54AM -0800, Andy Isaacson wrote:
> http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html
>
> TURKTRUST told us that based on our information, they discovered
> that in August 2011 they had mistakenly issued two intermediate CA
> certificates to organizations that should have instead received
> regular SSL certificates.
Microsoft's announcement provides the names of the two certificates.
http://blogs.technet.com/b/msrc/archive/2013/01/03/security-advisory-2798897-released-certificate-trust-list-updated.aspx
TURKTRUST Inc. incorrectly created two subsidiary Certificate
Authorities: (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The
*.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent
digital certificate to *.google.com.
-andy
More information about the Observatory
mailing list