Public Discussion of Microsec Ltd. CA Inclusion Request

Chris Clements

unread,

Nov 7, 2025, 9:20:01 AM11/7/25

to public

All,

This email commences a six-week public discussion of Microsec’s request to include the following certificate as publicly trusted root certificates in one or more CCADB Root Store programs. This discussion period is scheduled to close on December 19, 2025.

The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store.

Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of Microsec Ltd. must promptly respond directly in the discussion thread to all questions posted.

CCADB Case Number: 00001692

Organization Background Information (listed in CCADB):

CA Owner Name: Microsec Ltd.
Website: https://e-szigno.hu/en/
Address: Ángel Sanz Briz út 13. Graphisoft Park Southern Area, Building C Budapest, H-1033 Hungary
Problem Reporting Mechanisms: in...@e-szigno.hu, https://e-szigno.hu/security-events-report
Organization Type: Private Corporation
Repository URL: https://e-szigno.hu/documents-and-policies

Certificates Requesting Inclusion:

e-Szigno TLS Root CA 2023 (requesting inclusion into three root stores)

Certificate links: (CA Repository / crt.sh)
SHA-256 Certificate Fingerprint: B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4
Intended use cases served/EKUs:

Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
Client Authentication 1.3.6.1.5.5.7.3.2

Test websites:

Valid: https://eqtlsca2023-valid.e-szigno.hu
Revoked: https://eqtlsca2023-revoked.e-szigno.hu/
Expired: https://eqtlsca2023-expired.e-szigno.hu
DV Automation: None
OV Automation: None
EV Automation: None

Existing Publicly Trusted Root CAs from Microsec:

Microsec e-Szigno Root CA 2009:

Certificate links: (CA Repository / crt.sh)
SHA-256 Certificate Fingerprint: 3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378
Trust Bits/EKUs: Client Authentication;Code Signing;Secure Email;Server Authentication;Encrypting File System;Time Stamping;IP Security Tunnel Termination;IP Security User
Included in: Apple, Google Chrome, Microsoft, Mozilla
Certificate corpus: here (Censys login required)

e-Szigno Root CA 2017:

Certificate links: (CA Repository / crt.sh)
SHA-256 Certificate Fingerprint: BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99
Trust Bits/EKUs: Client Authentication;Code Signing;Document Signing;Secure Email;Server Authentication;Time Stamping
Included in: Google Chrome, Microsoft, Mozilla
Certificate corpus: here (Censys login required)

e-Szigno TLS Root CA 2023:

Certificate links: (CA Repository / crt.sh)
SHA-256 Certificate Fingerprint: B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4
Trust Bits/EKUs: Client Authentication;Server Authentication
Included in: Microsoft
Certificate corpus: here (Censys login required)

Relevant Policy and Practices Documentation:

Document Repository: https://e-szigno.hu/documents-and-policies
Markdown/AsciiDoc CP/CPS: https://github.com/microsec/regulations
CP: https://e-szigno.hu/docs/latest-regulation/eidas_hr_all_all/eng
CPS: https://e-szigno.hu/docs/latest-regulation/eidas_szsz_all_all/eng

Most Recent Self-Assessment:

https://docs.google.com/spreadsheets/d/1FB1yKjnLeuX7O-8k6Fj199aNT_xA3anGySqNiLPTXDs/edit?gid=2064058180#gid=2064058180

Audit Statements:

Auditor: Hunguard
Audit Criteria: ETSI EN 319 411
Recent Audit Statement(s):

Root Key Generation (June 7, 2023)
Standard Audit (Period: September 10, 2023 - September 9, 2024)
TLS BR Audit (Period: September 10, 2023 - September 9, 2024)
TLS EVG Audit (Period: September 10, 2023 - September 9, 2024)

Incident Summary (Bugzilla incidents from previous 24 months):

1865880: Microsec: Findings in 2023 Audit
1886257: Microsec: Misissuance an EV TLS certificate without CPSuri
1886998: Microsec: Late response to a CPR
1887110: Microsec: Delayed revocation of the misissued certificates
1889699: Microsec: Disallowed subject attribute field in DV certificate
1925239: Microsec: Expired Certificates on test Pages for Revocation
1952519: Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB

Thank you

-Chris, on behalf of the CCADB Steering Committee

Chris Clements

unread,

Dec 15, 2025, 11:37:27 AM12/15/25

to public

All,

This is a reminder that the public discussion period for Microsec's inclusion application closes on Friday, December 19, 2025.

Thank you
-Chris, on behalf of the CCADB Steering Committee

Chris Clements

unread,

Dec 23, 2025, 1:51:00 PM12/23/25

to public

On November 7, 2025, we began a six-week, public discussion regarding Microsec's request to include its root certificate:

e-Szigno TLS Root CA 2023

The public discussion period has now ended.

We received no objections, questions, or comments opposing Microsec's request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, based on each Root Store Operator's inclusion criteria and timelines. Further discussion may take place in the independently managed Root Store community forums (i.e., MDSP).

Thank you
-Chris, on behalf of the CCADB Steering Committee

Reply all

Reply to author

Forward