CT certs with invalid roots

Skip to first unread message

Syed Farhan

Oct 7, 2021, 11:38:13 AM10/7/21
to certificate-transparency

I'm looking at a few entries in the google managed CT logs that have a root certificate that is not a part of the CT root store. As far as I can tell these roots were never present in the CT root store, yet I can see these certificates in the CT logs. Can anyone help me understand if there's something I'm missing here:

  1. Karategirls.eu
    • CT name: Pilot
    • Index: 10546471
    • Root (SHA256): 210370a1a744aa211e4bcaf59191fd9f47ab4fbe986fa89142aee1f15bca923c
  2. w3.awstls.com
    • CT name: Pilot
    • Index: 524585842
    • Root (SHA256): 64903546a58058d1e6f1bead1134ede66a6831d231f0df8d4e28535d7a300496
  3. www.dukey.org 
    1. CT name: Pilot
    2. Index: 10617196
    3. Root (SHA256): 7cfdcf570db7b109c76272bb12802ffe19604e9a37895c19cc96c52ab1cfd56d

Rob Stradling

Oct 7, 2021, 6:30:40 PM10/7/21
to certificate-...@googlegroups.com
Hi Farhan.  This issue was discussed in this thread: https://groups.google.com/a/chromium.org/g/ct-policy/c/Itoq0YUZTlA/m/24hkszkVBAAJ

From: certificate-...@googlegroups.com <certificate-...@googlegroups.com> on behalf of Syed Farhan <syedfa...@gmail.com>
Sent: 07 October 2021 15:50
To: certificate-transparency <certificate-...@googlegroups.com>
Subject: CT certs with invalid roots

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/515443ea-f33b-47a9-bb2b-14914616eb6an%40googlegroups.com.
Reply all
Reply to author
0 new messages