Fatal error leads TURKTRUST to issue dangerous SSL certificates
The Turkish certificate publisher TURKTRUST has made what could be a fatal mistake, issuing two SSL intermediary certificates that could be used to issue certificates for arbitrary domains. With one of the intermediary or SubCA certificates, an SSL certificate was not only issued for *.google.com, but also put into use. According to TURKTRUST the incident is the result of a chain of unfortunate circumstances and there is no evidence of abuse at the company.
Google discovered the issue on Christmas Eve, thanks to its certificate pinning mechanisms in Chrome which detected the unauthorised certificate for the domain. Google analysed the certificate and found that it was apparently issued by an intermediate certificate authority with the full authority of the TURKTRUST certificate authority; it then alerted TURKTRUST and other browser vendors.
According to circulated information, the company issued the two certificates in August 2011. Apparently the company's systems were incorrectly configured after a software change which is why, in two cases, they issued SubCA certificates instead of the usual web site certificates to customers. According to the Microsoft Advisory, the two certificates were issued to *.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org. It was the *.EGO.GOV.TR domain which went on to be used to issue the wildcard certificate for the Google domain.
TURKTRUST has an explanation for this issuing of a wildcard certificate though. Apparently the erroneously issued SubCA certificate was installed on an IIS server that provided webmail services. On 6 December 2012 though, the certificate and corresponding private key were exported to a Checkpoint firewall appliance. This firewall was configured to act as a SSL man in the middle, and, for this purpose, it issued certificates for HTTPS web sites that were being accessed by users behind the firewall. So, when a user behind the firewall eventually requested a google.com site, the firewall would have created the Google certificate.
The certification body says that it immediately cancelled the SubCA certificate after receiving information from Google about its discovery. The other certificate was, it says, cancelled before it was used, at the customer's request.
According to Microsoft's advisory, the SubCAs were created by a root certificate called "TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri". Mozilla said in its security blog that it was also going to remove a certificate for "TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", a newer root certificate which was due to be included in a future Firefox, but had so far only been included in Firefox 18 beta.
Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January. Microsoft has already adjusted its certificate trust list (CTL), which is distributed automatically to all Microsoft operating systems since Vista. Users of older operating systems will need to manually update. Google's Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates.