CT certs with invalid roots

[Syed Farhan]

Hi,

I'm looking at a few entries in the google managed CT logs that have a root certificate that is not a part of the CT root store. As far as I can tell these roots were never present in the CT root store, yet I can see these certificates in the CT logs. Can anyone help me understand if there's something I'm missing here:

1. Karategirls.eu
   • CT name: Pilot
   • Index: 10546471
   • Root (SHA256): 210370a1a744aa211e4bcaf59191fd9f47ab4fbe986fa89142aee1f15bca923c
2. w3.awstls.com
   • CT name: Pilot
   • Index: 524585842
   • Root (SHA256): 64903546a58058d1e6f1bead1134ede66a6831d231f0df8d4e28535d7a300496
3. www.dukey.org 
   1. CT name: Pilot
   2. Index: 10617196
   3. Root (SHA256): 7cfdcf570db7b109c76272bb12802ffe19604e9a37895c19cc96c52ab1cfd56d

Thanks,

Farhan

[Rob Stradling]

Hi Farhan.  This issue was discussed in this thread: https://groups.google.com/a/chromium.org/g/ct-policy/c/Itoq0YUZTlA/m/24hkszkVBAAJ

---

From: certificate-...@googlegroups.com <certificate-...@googlegroups.com> on behalf of Syed Farhan <syedfa...@gmail.com>
Sent: 07 October 2021 15:50
To: certificate-transparency <certificate-...@googlegroups.com>
Subject: CT certs with invalid roots

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/515443ea-f33b-47a9-bb2b-14914616eb6an%40googlegroups.com.