Dear All! Thank you for contributing in our discussion and illustrate some existing problems with our certificates. I would like to address the stated points seperatley.
* Wrong CNs in Subject (1, True, BSB-oenb): This was an issue that arose with the switch to SHA-256 certificates in combination with OIDs for administrative certificates. The problem is fixed and new certificates will not be affected. We have already contacted the customers and will replace all the issued certificates within the next week. * Certifcates with a validty larger than 39 months were issued for a short time and are already being replaced, the old certificates will be revoked shortly. * 20 Bits of Entropy: the Serialnumber included in the Subject of our SSL - certificatges is randomly generated * V Clause (X): We analyzed this problem and found an issue, where the variable wasn't transfered into the final certificate. This bug has been around since our first issued EV certificate and wasn't noticed until now. The problem is fixed, new certificates will replace the x with the proper letter. * rfc822 Name in SAN / ANS1 Error: we will not add any more E-Mail Addresses in the SAN or the subject. Regards, Christoph Klein A-Trust GmbH _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
