Recently, Google found a google.com pre-certificate in a CT log, without having ordered one. This lead to a series of incidents, also involving Opera and its security team.

The backstory

Google promptly contacted Symantec who had issued the pre-certificate, and blocked the certificate in Chrome. Symantec investigated and found out that they had made mistakes in their testing, issuing certificates they were not allowed to issue. Some of the incorrectly issued certificates were for opera.com. We have blacklisted the relevant certificates in Opera, and do not believe any of our users were ever at risk due to this. According to Symantec, none of the private keys ever left their testing lab.

We were informed about the opera.com certificates the following week, and eventually received the certificate details. We strongly encouraged Symantec to be as open as possible about this incident, and share as much information as possible. As a result of this incident, Symantec did an internal review, and found some more misissued certificates. Due to inquisitive questions, Symantec did another internal review, and found some more misissued certificates. In total, Symantec has disclosed that 2647 certificates were misissued by them.

Improving the system

The entire certificate system is based upon trust, and anything undermining that trust is a serious issue, so also for issuing invalid certificates. Symantec is one of the main certificate issuers, and ought to be transparent and open. Of the 2647 certificates, 2645 were found after questions were filed about publicly available information, showing the value of openness to the system. We expect to see a public audit report about what went wrong, backing up all the details in the latest report from Symantec. For now, we do not plan to override any root decisions made by the root stores used by Opera, but this option remains open to us, depending on further actions from Symantec.

In the long run the certificate system is not well served with CAs having to learn the hard way. Even if Symantec has learned their lesson, other CAs might still make the same mistakes. The takeaway of this incident is that Certificate Transparency works, the community discovered the error even before Symantec itself did. Opera will continue to support and push for Certificate Transparency to be used ubiquitously by CAs, and is working towards CAs needing to disclose any such issues in a transparent manner.