More certificates with invalid dnsNames

510 views
Skip to first unread message

Jonathan Rudenberg

unread,
Aug 12, 2017, 10:58:54 PM8/12/17
to mozilla-dev-s...@lists.mozilla.org
I’ve found 54 additional unexpired unrevoked certificates that are known to CT and trusted by NSS containing dnsNames that are invalid. The errors include invalid characters, internal names, and wildcards in the wrong position.

The full list is here: https://misissued.com/batch/8/

There are a few threads from the past few weeks about similar certificates, but as far as I know none of the certificates on this list have been discovered yet.

I’ve included a summary of the CCADB owners and intermediates at the end of this email.

Jonathan



DigiCert (18)
TI Trust Technologies Global CA (16)
Justica (1)
WellsSecure Certification Authority 01 G2 (1)

DocuSign (OpenTrust/Keynectis) (10)
CLASS 2 KEYNECTIS CA (8)
KEYNECTIS SSL RGS (2)

AC Camerfirma, S.A. (4)
AC CAMERFIRMA AAPP (2)
Camerfirma Corporate Server II - 2015 (2)

Certinomis (4)
Certinomis - Easy CA (2)
Certinomis Serveurs et Equipements (2)

Symantec / VeriSign (3)
Symantec Class 3 Secure Server CA - G4 (2)
Symantec Class 3 Secure Server SHA256 SSL CA (1)

Visa
Visa eCommerce Issuing CA (2)

Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert)
EC-SectorPublic (2)

Taiwan-CA Inc. (TWCA)
TWCA Secure SSL Certification Authority (1)

WoSign CA Limited
StartCom Class 3 OV Server CA (1)

CA Disig a.s.
CA Disig R2I2 Certification Service (1)

Actalis
Actalis Authentication CA G3 (1)

PROCERT
PSCProcert (1)

Comodo
Intel External Basic Issuing CA 3B (1)

Izenpe S.A.
EAEko Herri Administrazioen CA - CA AAPP Vascas (2) (1)

WISeKey
WISeKey CertifyID Advanced Services CA 4 (1)

T-Systems International GmbH (Deutsche Telekom)
Uni-Osnabrueck RZ-CA G-002 (1)

QuoVadis
QuoVadis Global SSL ICA G2 (1)

Symantec / GeoTrust
RapidSSL SHA256 CA - G3 (1)
Reply all
Reply to author
Forward
0 new messages