Public Discussion of Microsec Ltd. CA Inclusion Request

80 views
Skip to first unread message

Chris Clements

unread,
Nov 7, 2025, 9:20:01 AM (13 days ago) Nov 7
to public

All,


This email commences a six-week public discussion of Microsec’s request to include the following certificate as publicly trusted root certificates in one or more CCADB Root Store programs. This discussion period is scheduled to close on December 19, 2025.


The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store.  


Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of Microsec Ltd. must promptly respond directly in the discussion thread to all questions posted.

CCADB Case Number: 00001692

Organization Background Information (listed in CCADB):

Certificates Requesting Inclusion:

e-Szigno TLS Root CA 2023 (requesting inclusion into three root stores)

Existing Publicly Trusted Root CAs from Microsec:

Microsec e-Szigno Root CA 2009:

  • Certificate links: (CA Repository / crt.sh)

  • SHA-256 Certificate Fingerprint: 3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378

  • Trust Bits/EKUs: Client Authentication;Code Signing;Secure Email;Server Authentication;Encrypting File System;Time Stamping;IP Security Tunnel Termination;IP Security User

  • Included in: Apple, Google Chrome, Microsoft, Mozilla

  • Certificate corpus: here (Censys login required)

e-Szigno Root CA 2017:

  • Certificate links: (CA Repository / crt.sh)

  • SHA-256 Certificate Fingerprint: BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99

  • Trust Bits/EKUs: Client Authentication;Code Signing;Document Signing;Secure Email;Server Authentication;Time Stamping

  • Included in: Google Chrome, Microsoft, Mozilla

  • Certificate corpus: here (Censys login required)

e-Szigno TLS Root CA 2023:

  • Certificate links: (CA Repository / crt.sh)

  • SHA-256 Certificate Fingerprint: B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4

  • Trust Bits/EKUs: Client Authentication;Server Authentication

  • Included in: Microsoft

  • Certificate corpus: here (Censys login required)

Relevant Policy and Practices Documentation:

Most Recent Self-Assessment:

Audit Statements:

  • Auditor: Hunguard

  • Audit Criteria: ETSI EN 319 411

  • Recent Audit Statement(s): 

Incident Summary (Bugzilla incidents from previous 24 months):

  • 1865880: Microsec: Findings in 2023 Audit

  • 1886257: Microsec: Misissuance an EV TLS certificate without CPSuri

  • 1886998: Microsec: Late response to a CPR

  • 1887110: Microsec: Delayed revocation of the misissued certificates

  • 1889699: Microsec: Disallowed subject attribute field in DV certificate

  • 1925239: Microsec: Expired Certificates on test Pages for Revocation

  • 1952519: Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB


Thank you

-Chris, on behalf of the CCADB Steering Committee


Reply all
Reply to author
Forward
0 new messages