CT certs with invalid roots

118 views
Skip to first unread message

Syed Farhan

unread,
Oct 7, 2021, 11:38:13 AM10/7/21
to certificate-transparency
Hi,

I'm looking at a few entries in the google managed CT logs that have a root certificate that is not a part of the CT root store. As far as I can tell these roots were never present in the CT root store, yet I can see these certificates in the CT logs. Can anyone help me understand if there's something I'm missing here:

  1. Karategirls.eu
    • CT name: Pilot
    • Index: 10546471
    • Root (SHA256): 210370a1a744aa211e4bcaf59191fd9f47ab4fbe986fa89142aee1f15bca923c
  2. w3.awstls.com
    • CT name: Pilot
    • Index: 524585842
    • Root (SHA256): 64903546a58058d1e6f1bead1134ede66a6831d231f0df8d4e28535d7a300496
  3. www.dukey.org 
    1. CT name: Pilot
    2. Index: 10617196
    3. Root (SHA256): 7cfdcf570db7b109c76272bb12802ffe19604e9a37895c19cc96c52ab1cfd56d
Thanks,
Farhan

Rob Stradling

unread,
Oct 7, 2021, 6:30:40 PM10/7/21
to certificate-...@googlegroups.com
Hi Farhan.  This issue was discussed in this thread: https://groups.google.com/a/chromium.org/g/ct-policy/c/Itoq0YUZTlA/m/24hkszkVBAAJ


From: certificate-...@googlegroups.com <certificate-...@googlegroups.com> on behalf of Syed Farhan <syedfa...@gmail.com>
Sent: 07 October 2021 15:50
To: certificate-transparency <certificate-...@googlegroups.com>
Subject: CT certs with invalid roots
 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/515443ea-f33b-47a9-bb2b-14914616eb6an%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages