Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Certificate with invalid CN and dnsName issued by certSIGN

156 views
Skip to first unread message

Jonathan Rudenberg

unread,
Aug 2, 2017, 12:28:48 PM8/2/17
to mozilla-dev-s...@lists.mozilla.org, off...@certsign.ro
This certificate, issued on July 27 by certSIGN, has an invalid common name of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading space):

https://crt.sh/?q=93EACBC95AE53D57322CA9646DCF260AE240369714906CD464561402BF32CE96&opt=cablint

Jonathan Rudenberg

unread,
Aug 2, 2017, 12:48:15 PM8/2/17
to mozilla-dev-s...@lists.mozilla.org

> On Aug 2, 2017, at 12:28, Jonathan Rudenberg via dev-security-policy <dev-secur...@lists.mozilla.org> wrote:
>
> This certificate, issued on July 27 by certSIGN, has an invalid common name of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading space):
>
> https://crt.sh/?q=93EACBC95AE53D57322CA9646DCF260AE240369714906CD464561402BF32CE96&opt=cablint

The above is not the first certificate issued by certSIGN with a leading space in a dnsName, which points to a failure in technical controls. Here is another one:

https://crt.sh/?q=91782A8F1182E239D49FABA796CFDF17AFC22A0D035838FD77FDD633FC72C416&opt=cablint

0 new messages